{"id":9566,"date":"2025-12-31T10:01:23","date_gmt":"2025-12-31T10:01:23","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/31\/hackers-advertised-void-av-killer-with-kernel-level-termination-claims\/"},"modified":"2025-12-31T10:01:23","modified_gmt":"2025-12-31T10:01:23","slug":"hackers-advertised-void-av-killer-with-kernel-level-termination-claims","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/31\/hackers-advertised-void-av-killer-with-kernel-level-termination-claims\/","title":{"rendered":"Hackers Advertised VOID \u2018AV Killer\u2019 with Kernel-level Termination Claims"},"content":{"rendered":"<div>\n<p>The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. <\/p>\n<p>This malicious software operates as a kernel-level antivirus and endpoint detection and response (EDR) process killer, designed to evade and neutralize security defenses. <\/p>\n<p>The tool is being marketed as an alternative to traditional crypters, representing a significant shift in how cybercriminals approach defense bypass mechanisms. <\/p>\n<p>By targeting the core of operating systems, VOID KILLER attempts to eliminate protective barriers that organizations rely on to detect and stop malicious activities.<\/p>\n<p>The emergence of VOID KILLER highlights an escalating threat landscape where attackers are investing in <a href=\"https:\/\/cybersecuritynews.com\/endpoint-security-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">advanced tools<\/a> to compromise enterprise environments. 
<\/p>\n<p>Unlike traditional <a href=\"https:\/\/cybersecuritynews.com\/chatgpt-powered-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">malware<\/a> that simply encrypts code, this kernel-level solution directly terminates security processes before they can respond to threats. <\/p>\n<p>Security researchers have documented that the tool directly challenges modern defensive architectures, particularly those relying on behavioral detection and real-time monitoring capabilities.<\/p>\n<p>KrakenLabs researchers and analysts <a href=\"https:\/\/x.com\/KrakenLabs_Team\/status\/2005963288123679213\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">identified<\/a> and documented the threat after examining the tool\u2019s advertising materials and claimed capabilities. <\/p>\n<h2 class=\"wp-block-heading\" id=\"h-void-killer-analysis\"><strong>VOID KILLER Analysis<\/strong><\/h2>\n<p>The analysis revealed that VOID KILLER represents a dangerous evolution in anti-detection technology, offering cybercriminals the means to operate with reduced oversight within compromised systems.<\/p>\n<figure class=\"wp-block-embed aligncenter is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-twitter\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/1f6a8.png?ssl=1\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> VOID KILLER \u201cAV killer\u201d advertised with kernel-level termination claims<\/p>\n<p>The threat actor <a href=\"https:\/\/twitter.com\/hashtag\/Crypt4You?src=hash&amp;ref_src=twsrc%5Etfw\">#Crypt4You<\/a> is selling a tool called VOID KILLER: a \u201ckernel-level\u201d AV\/EDR process killer marketed as an alternative to crypters through underground forums and a dark 
web shop.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/1f6e0.png?ssl=1\" alt=\"\ud83d\udee0\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> Claimed\u2026 <a href=\"https:\/\/t.co\/Ux1oulM4wo\">pic.twitter.com\/Ux1oulM4wo<\/a><\/p>\n<p>\u2014 KrakenLabs (@KrakenLabs_Team) <a href=\"https:\/\/twitter.com\/KrakenLabs_Team\/status\/2005963288123679213?ref_src=twsrc%5Etfw\">December 30, 2025<\/a>\n<\/p><\/blockquote>\n<\/div>\n<\/div>\n<\/figure>\n<p>Kernel-level termination represents the most critical technical aspect of VOID KILLER\u2019s functionality. Operating at the kernel level means the tool executes with the highest system privileges, allowing it to bypass standard user-mode protections. <\/p>\n<p>According to the threat intelligence findings, VOID KILLER claims to terminate Windows Defender and approximately fifty consumer-grade antivirus solutions instantly, reportedly with zero detection at both scan and runtime stages. <\/p>\n<p>The tool employs polymorphic build techniques, generating fresh file hashes with each compilation to evade signature-based detection systems. <\/p>\n<p>Additionally, it incorporates automatic User Account Control (UAC) bypass mechanisms, enabling it to escalate privileges without triggering security alerts. <\/p>\n<p>The payload-agnostic architecture allows operators to inject any executable file, making VOID KILLER compatible with various malware families. 
<\/p>\n<p>Notably, the seller offers additional variants targeting enterprise solutions like <a href=\"https:\/\/cybersecuritynews.com\/kibana-crowdstrike-connector-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">CrowdStrike<\/a> and SentinelOne, sold separately for enhanced market penetration.<\/p>\n<p>The threat actor prices custom VOID KILLER builds at three hundred dollars per instance, accepting Bitcoin, Ethereum, Litecoin, and Monero. A demonstration video shared by Crypt4You further validates the tool\u2019s destructive capabilities. <\/p>\n<p>Organizations using Windows Defender, consumer antivirus software, and even advanced <a href=\"https:\/\/cybersecuritynews.com\/best-edr-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">EDR solutions<\/a> face heightened risk exposure. <\/p>\n<p>The advent of VOID KILLER underscores the necessity for defense-in-depth strategies and kernel-level security implementations to counter emerging threats effectively.<\/p>\n<p>The post <a 
href=\"https:\/\/cybersecuritynews.com\/hackers-advertised-void-av-killer\/\">Hackers Advertised VOID \u2018AV Killer\u2019 with Kernel-level Termination Claims<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/hackers-advertised-void-av-killer\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers Advertised VOID \u2018AV Killer\u2019 with Kernel-level Termination Claims The cybercriminal threat actor known as Crypt4You has recently emerged on underground forums and dark web marketplaces, advertising a sophisticated tool named VOID KILLER. This malicious software operates as a kernel-level antivirus and endpoint detection response (EDR) process killer, designed to evade and neutralize security defenses. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-9566","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9566"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9566"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9566\/revisi
ons"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}