Mass exploitation of signed vulnerable drivers by 54 EDR killer tools via BYOVD technique
Summary
Security vendors have identified 54 distinct EDR killer tools that use the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting 34 vulnerable but validly signed drivers to disable endpoint detection and response (EDR) products. The tools are deployed primarily by ransomware groups, their affiliates, and underground service providers to neutralize security controls before the file-encrypting payload runs. Loading a signed but flawed driver gives the attacker kernel-mode (Ring 0) primitives to terminate EDR processes, disable protection mechanisms, and tamper with kernel callbacks, undermining endpoint defenses by abusing Microsoft's driver trust model rather than breaking it. Recent research shows userland-only techniques that widen the set of drivers usable for BYOVD. By creating software-emulated device nodes with arbitrary hardware IDs through SetupAPI or the Software Device (SwDevice) API, an attacker can trigger a driver's AddDevice callback and assemble a device stack without any physical hardware. Registry manipulation further allows a signed .sys that ships without a signed INF/catalog package to be bound to arbitrary hardware IDs: the INF/catalog check is sidestepped, while code-signing enforcement on the .sys file itself remains in place. Filter drivers can likewise be made reachable by attaching them above a device stack that already has a functional FDO (for example a Disk Drive class stack) so that IRP_MJ_CREATE succeeds, opening new avenues against conditionally vulnerable code paths in signed drivers. Together these developments suggest that the pool of exploitable drivers may grow as attackers refine userland-only deployment methods, even as Microsoft tightens cross-signing policies.
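The practical defensive check for the BYOVD abuse described above is an inventory of the drivers on a host matched against a vulnerable-driver blocklist. The Python below is an added example, not code from the article or from any vendor: it hashes each driver image and looks the hash up in a blocklist whose layout is modelled on the loldrivers.io JSON feed. The blocklist entry, the driver bytes, the service names and the paths are all constructed so the script runs offline.

```python
"""BYOVD triage: match a driver inventory against a vulnerable-driver blocklist.

Added example (not from the article). Blocklist layout modelled on the
loldrivers.io JSON feed (entries carrying KnownVulnerableSamples with SHA256
values); every entry, file name, hash and driver image below is constructed.
"""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    """Flat SHA256 of the file bytes, the value loldrivers-style feeds publish.
    Caveat: Deny rules in Microsoft's WDAC driver block policy use Authenticode
    (PE image) hashes instead, so a flat hash will not match those rules."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for driver images; real ones are PE files.
VULN_IMAGE = b"MZ\x90\x00 constructed image of a signed but exploitable driver"
BENIGN_IMAGE = b"MZ\x90\x00 constructed image of an unrelated signed driver"

# Constructed blocklist in loldrivers-style JSON with one vulnerable sample.
BLOCKLIST_JSON = json.dumps([
    {
        "Id": "constructed-0001",
        "Category": "vulnerable driver",
        "Tags": ["example.sys"],
        "KnownVulnerableSamples": [
            {"Filename": "example.sys", "SHA256": sha256_hex(VULN_IMAGE)}
        ],
    }
])

# Constructed inventory in the shape you would build from `driverquery /v` or
# Get-CimInstance Win32_SystemDriver plus a read of each PathName:
# (service name, on-disk path, file bytes). The vulnerable driver has been
# renamed and registered under an innocuous service name.
SAMPLE_INVENTORY = [
    ("disk", r"C:\Windows\System32\drivers\disk.sys", BENIGN_IMAGE),
    ("svcmon", r"C:\ProgramData\svcmon\svcmon.sys", VULN_IMAGE),
]


def load_blocklist(text: str) -> dict:
    """Index lowercase SHA256 -> (entry id, filename the sample was seen as)."""
    index = {}
    for entry in json.loads(text):
        for sample in entry.get("KnownVulnerableSamples", []):
            digest = sample.get("SHA256")
            if digest:
                index[digest.lower()] = (entry["Id"], sample.get("Filename", "?"))
    return index


def triage(inventory, blocklist: dict) -> list:
    """Return one hit per driver whose image hash is on the blocklist.
    Matching on the hash rather than the service or file name is the point:
    EDR killers routinely rename the dropped .sys and register it under a
    benign-looking service."""
    hits = []
    for service, path, image in inventory:
        digest = sha256_hex(image)
        if digest in blocklist:
            entry_id, known_as = blocklist[digest]
            hits.append({"service": service, "path": path, "sha256": digest,
                         "blocklist_id": entry_id, "known_as": known_as})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY, load_blocklist(BLOCKLIST_JSON)):
        print(f"[!] {hit['service']} ({hit['path']}) matches {hit['blocklist_id']}, "
              f"known as {hit['known_as']}")
```

A hash match only catches samples already on the list; a different build of the same signed driver family is missed, which is why Microsoft's policy also denies by file name plus minimum file version, and why the count of 34 distinct drivers matters more than the count of tools.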
Timeline
- 19.03.2026 20:52 · 1 article
  54 EDR killer tools abuse 34 vulnerable signed drivers via BYOVD to disable security software
  Security analysis identifies 54 EDR killer tools that exploit 34 vulnerable, signed drivers using Bring Your Own Vulnerable Driver (BYOVD) techniques to gain kernel-mode access and terminate or disable EDR solutions. The tools are deployed primarily by ransomware groups, affiliates, and underground service providers to neutralize endpoint defenses prior to encryption. Attackers gain elevated privileges to tamper with kernel callbacks and undermine endpoint protections through abuse of Microsoft’s trusted driver model.
  Source: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security — thehackernews.com — 19.03.2026 20:52
Information Snippets
- 54 EDR killer tools have been documented leveraging BYOVD to exploit 34 different vulnerable yet signed drivers.
  First reported: 19.03.2026 20:52 (1 source, 1 article)
  Source: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security — thehackernews.com — 19.03.2026 20:52
- Threat actors use BYOVD to achieve kernel-mode privileges (Ring 0), enabling unrestricted access to system memory and hardware.
  First reported: 19.03.2026 20:52 (1 source, 1 article)
  Source: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security — thehackernews.com — 19.03.2026 20:52
- EDR killers are often executed just before the ransomware payload to simplify encryptor development and maintain stability across builds.
  First reported: 19.03.2026 20:52 (1 source, 1 article)
  Source: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security — thehackernews.com — 19.03.2026 20:52
- Attackers belong to closed ransomware groups, modify existing proof-of-concept tools, or purchase commoditized EDR killer services on underground markets.
  First reported: 19.03.2026 20:52 (1 source, 1 article)
  Source: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security — thehackernews.com — 19.03.2026 20:52
- Additional EDR killer classes include script-based tools using commands like taskkill or net stop, Safe Mode exploitation, anti-rootkit utilities (e.g., GMER, PC Hunter), and driverless variants that block outbound traffic to induce "coma" states in EDR solutions.
  First reported: 19.03.2026 20:52 (1 source, 1 article)
  Source: 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security — thehackernews.com — 19.03.2026 20:52
- Userland-only techniques using SetupAPI or the Software Device (SwDevice) API can create software-emulated device nodes with arbitrary hardware IDs to trigger AddDevice callbacks for vulnerable drivers without physical hardware.
  First reported: 22.05.2026 14:38 (1 source, 1 article)
  Source: Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective — thehackernews.com — 22.05.2026 14:38
- A two-step deployment (device node creation followed by driver binding via UpdateDriverForPlugAndPlayDevicesW) enables userland-initiated driver initialization and device stack assembly for BYOVD-style exploitation.
  First reported: 22.05.2026 14:38 (1 source, 1 article)
  Source: Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective — thehackernews.com — 22.05.2026 14:38
- Many PnP drivers only expose vulnerable code paths after AddDevice executes and internal device extensions are initialized, making software-emulated device nodes critical for exploitability.
  First reported: 22.05.2026 14:38 (1 source, 1 article)
  Source: Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective — thehackernews.com — 22.05.2026 14:38
- Filter drivers can be made accessible by placing them atop a device stack with a functional FDO (e.g., abusing Disk Drive class device stacks) to satisfy IRP_MJ_CREATE requirements.
  First reported: 22.05.2026 14:38 (1 source, 1 article)
  Source: Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective — thehackernews.com — 22.05.2026 14:38
- INF and catalog files are not security boundaries: registry manipulation can bind a signed .sys that has no signed INF/catalog package to arbitrary hardware IDs, bypassing the package check while driver signature validation on the .sys file itself is still enforced.
  First reported: 22.05.2026 14:38 (1 source, 1 article)
  Source: Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective — thehackernews.com — 22.05.2026 14:38
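The two-step userland deployment described in the snippets above (software device node first, then driver binding through UpdateDriverForPlugAndPlayDevicesW) leaves a section in C:\Windows\INF\setupapi.dev.log. The Python below is an added example, not the researchers' code: it parses that log and flags installs that a user-mode API performed onto a ROOT\ or SWD\ instance ID (nodes with no bus enumerator behind them) using an INF outside the in-box directory. The section-header, cmd and INF-path line layout follows the real log format; the sample log text, the executable path, the device names and the INF names are constructed.

```python
"""Flag userland-initiated driver installs onto software-only device nodes
in setupapi.dev.log.

Added example, not the researchers' code. Section-header and cmd/INF line
layout follows the real setupapi.dev.log format; the log text, paths and
device names below are constructed.
"""
import re

SECTION_RE = re.compile(r"^>>>\s+\[Device Install \(([^)]+)\) - (.+)\]\s*$")
CMD_RE = re.compile(r"^\s*cmd:\s*(.+?)\s*$")
INF_RE = re.compile(r"^\s*ndv:\s*INF path:\s*(.+?)\s*$")
EXIT_RE = re.compile(r"^<<<\s+\[Exit status:\s*(\w+)\]")

# Enumerators that exist purely in software: root-enumerated and SwDevice nodes.
SOFTWARE_ENUMERATORS = ("ROOT\\", "SWD\\")
# User-mode entry points that perform a driver install on an existing node.
USERMODE_INSTALL_APIS = {"UpdateDriverForPlugAndPlayDevices", "DiInstallDevice"}
INBOX_INF_DIR = "c:\\windows\\inf\\"

# Constructed log: one hardware-initiated PCI install, one third-party INF
# bound to a root-enumerated node from a user-writable path, and one in-box
# root-enumerated install (KDNIC) that should not be flagged.
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - PCI\VEN_8086&DEV_1533&SUBSYS_00008086&REV_03\4&1a2b3c4d&0&00E0]
>>>  Section start 2026/03/20 09:12:01.104
      cmd: C:\Windows\System32\drvinst.exe
     ndv: INF path: C:\Windows\INF\pci.inf
<<<  Section end 2026/03/20 09:12:02.330
<<<  [Exit status: SUCCESS]
>>>  [Device Install (UpdateDriverForPlugAndPlayDevices) - ROOT\SAMPLEDEV\0000]
>>>  Section start 2026/03/20 11:40:17.512
      cmd: C:\Users\Public\inst.exe
     ndv: INF path: C:\Users\Public\sampledrv.inf
     ndv: Install flags: 0x00000001
<<<  Section end 2026/03/20 11:40:18.004
<<<  [Exit status: SUCCESS]
>>>  [Device Install (UpdateDriverForPlugAndPlayDevices) - ROOT\KDNIC\0000]
>>>  Section start 2026/03/20 11:41:00.000
      cmd: C:\Windows\System32\pnputil.exe
     ndv: INF path: C:\Windows\INF\kdnic.inf
<<<  Section end 2026/03/20 11:41:00.800
<<<  [Exit status: SUCCESS]
"""


def parse_sections(lines) -> list:
    """Split the log into install sections: api, instance_id, cmd, inf, status."""
    sections, current = [], None
    for line in lines:
        m = SECTION_RE.match(line)
        if m:
            current = {"api": m.group(1), "instance_id": m.group(2),
                       "cmd": None, "inf": None, "status": None}
            sections.append(current)
            continue
        if current is None:
            continue
        m = CMD_RE.match(line)
        if m:
            current["cmd"] = m.group(1)
            continue
        m = INF_RE.match(line)
        if m:
            current["inf"] = m.group(1)
            continue
        m = EXIT_RE.match(line)
        if m:
            current["status"] = m.group(1)
            current = None
    return sections


def is_inbox_inf(path) -> bool:
    return path is not None and path.lower().startswith(INBOX_INF_DIR)


def flag_software_devnode_installs(sections) -> list:
    """Successful user-mode installs of a non-in-box INF onto a ROOT\\ or SWD\\ node."""
    return [s for s in sections
            if s["api"] in USERMODE_INSTALL_APIS
            and s["instance_id"].upper().startswith(SOFTWARE_ENUMERATORS)
            and not is_inbox_inf(s["inf"])
            and s["status"] == "SUCCESS"]


if __name__ == "__main__":
    for s in flag_software_devnode_installs(parse_sections(SAMPLE_LOG.splitlines())):
        print(f"[!] {s['api']} on {s['instance_id']} via {s['cmd']} using {s['inf']}")
```

Legitimate tooling (devcon, pnputil, vendor installers) also produces these sections, so the hit is a triage lead rather than a verdict: the value of the check is the combination of a software-only node, a user-mode install API and an INF sourced from a user-writable path.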
Similar Happenings
GPUBreach attack leverages GDDR6 Rowhammer to escalate privileges and compromise systems via NVIDIA driver flaws
Researchers from the University of Toronto demonstrated the GPUBreach attack, a new Rowhammer-based technique that corrupts GDDR6 GPU page tables to grant unprivileged CUDA kernels arbitrary read/write access to GPU memory. The vulnerability is chained with memory-safety flaws in the NVIDIA driver to escalate privileges from an unprivileged context to full system compromise, including root shell access, without disabling the IOMMU or relying on prior GPU Rowhammer research. The attack bypasses IOMMU protection by corrupting trusted driver state via GPU-controlled memory, making it effective even on systems with hardware memory isolation enabled. Demonstrated on NVIDIA RTX A6000 GPUs with GDDR6 memory, the technique enables cross-process data exposure, cryptographic key leakage, manipulation of ML processes (reducing accuracy from 80% to 0%), and extraction of sensitive data such as LLM weights. While ECC mitigation exists, it may fail to detect multiple bit-flips, leaving systems exposed. The research is scheduled for presentation at the 47th IEEE Symposium on Security & Privacy in 2026 and follows NVIDIA’s November 2025 notification of related risks.
UEFI Flaw Enables Early-Boot DMA Attacks on Multiple Motherboard Vendors
A security vulnerability in UEFI implementations on motherboards from ASRock, ASUS, GIGABYTE, and MSI allows early-boot DMA attacks. The flaw, discovered by researchers at Riot Games, stems from a discrepancy in DMA protection status: the firmware reports DMA protection as active but fails to enable the IOMMU during the boot phase. This gap lets an attacker with physical access attach a malicious PCIe device that can read or modify system memory before the operating system's security features are established. The vulnerabilities, tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, affect various chipset series from the listed vendors. Successful exploitation could enable pre-boot code injection and access to sensitive data. Vendors have released firmware updates to address the issue, and users are advised to apply them promptly. The flaw was found by Riot Games researchers Nick Peterson and Mohamed Al-Sharifi, who worked with CERT Taiwan to coordinate the response. On vulnerable systems, some Riot Games titles, such as Valorant, will not launch because the Vanguard anti-cheat system blocks the game to ensure system integrity.
Chinese Malware Campaigns Exploit SEO and GitHub Pages to Distribute HiddenGh0st, Winos, and kkRAT
Chinese-speaking users are targeted by a malware campaign using SEO poisoning and fake software sites to distribute HiddenGh0st, Winos, and kkRAT. The campaign manipulates search rankings and uses trojanized installers to deliver the malware. The attacks exploit vulnerabilities in popular software and use various techniques to evade detection and maintain persistence. The malware is designed to establish command-and-control communication, monitor user activity, and steal sensitive information. The threat actor Dragon Breath, also known as APT-Q-27 and Golden Eye, uses RONINGLOADER to deliver a modified variant of Gh0st RAT. The campaign employs trojanized NSIS installers masquerading as legitimate software like Google Chrome and Microsoft Teams. The malware targets specific antivirus programs, including Microsoft Defender Antivirus, Kingsoft Internet Security, Tencent PC Manager, and Qihoo 360 Total Security. The malware uses a Bring Your Own Vulnerable Driver (BYOVD) technique to disarm antivirus software. The final malware deployed is a modified version of Gh0st RAT, designed to communicate with a remote server to fetch additional instructions. The campaign was discovered in August 2025 and involves multiple malware families, including HiddenGh0st and Winos, which are variants of Gh0st RAT. The attacks use fake software sites and GitHub Pages to distribute the malware, exploiting the trust associated with legitimate platforms. The malware employs sophisticated techniques to evade detection and maintain persistence, including anti-analysis checks and TypeLib COM hijacking. Two interconnected malware campaigns, Campaign Trio and Campaign Chorus, have employed large-scale brand impersonation to deliver Gh0st RAT to Chinese-speaking users. Additionally, a new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations. 
The backdoor has been attributed to the Mustang Panda group, also known as HoneyMyte or Bronze President, that usually targets government agencies, NGOs, think tanks, and other high-profile organizations worldwide. The new variant of the ToneShell backdoor features changes and stealth enhancements, including a new host identification scheme and network traffic obfuscation with fake TLS headers. The driver file is signed with an old, stolen, or leaked digital certificate from Guangzhou Kingteller Technology Co., Ltd, valid from August 2012 to 2015. The driver registers as a minifilter driver on infected machines, injecting a backdoor trojan into system processes and providing protection for malicious files, user-mode processes, and registry keys. The driver resolves required kernel APIs dynamically at runtime by using a hashing algorithm to match the required API addresses. The driver monitors file-delete and file-rename operations to prevent itself from being removed or renamed. The driver denies attempts to create or open Registry keys that match against a protected list by setting up a RegistryCallback routine and ensuring that it operates at an altitude of 330024 or higher. The driver interferes with the altitude assigned to WdFilter.sys, a Microsoft Defender driver, changing it to zero, thereby preventing it from being loaded into the I/O stack. The driver intercepts process-related operations and denies access if the action targets any process that's on a list of protected process IDs when they are running. The driver removes rootkit protection for those processes once execution completes. The driver drops two user-mode payloads, one of which spawns an "svchost.exe" process and injects a small delay-inducing shellcode. The second payload is the TONESHELL backdoor that's injected into that same "svchost.exe" process. 
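The driver behaviour described above (zeroing WdFilter's registry altitude so Defender's minifilter never joins the I/O stack, while the loader's own callbacks sit at 330024 or higher) can be checked for in the registry before a reboot makes the change effective. The Python below is an added example, neither the article's nor the malware author's code: it parses a .reg export of the Services hive and audits the Altitude value under every <service>\Instances\<instance> key. The export text is constructed; WdFilter's expected altitude 328010 and the luafv altitude 135000 are the real in-box values, and exmplflt is an invented third-party filter name.

```python
"""Minifilter altitude audit from a registry export.

Added example (not from the article or the malware). Reads a .reg export of
HKLM\SYSTEM\CurrentControlSet\Services and checks the Altitude string under
each <service>\Instances\<instance> key. The export text is constructed;
WdFilter's 328010 and luafv's 135000 are real in-box altitudes, exmplflt is
an invented third-party filter.
"""
import re

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
STR_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"\s*$')
INSTANCE_RE = re.compile(r"\\Services\\([^\\]+)\\Instances\\([^\\]+)$", re.IGNORECASE)

# Altitudes Microsoft assigned to security filters that a tampered system
# would be missing or have altered. Extend with the EDR product in use.
EXPECTED_ALTITUDES = {"WdFilter": 328010}

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Instances\luafv]
"Altitude"="135000"
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance]
"Altitude"="0"
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exmplflt\Instances\exmplflt Instance]
"Altitude"="330024"
"Flags"=dword:00000000
"""


def parse_instances(reg_text: str) -> dict:
    """Map (service, instance) -> Altitude string for every Instances subkey."""
    instances, current = {}, None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            im = INSTANCE_RE.search(m.group(1))
            current = (im.group(1), im.group(2)) if im else None
            continue
        m = STR_VALUE_RE.match(line)
        if current and m and m.group(1).lower() == "altitude":
            instances[current] = m.group(2)
    return instances


def audit_altitudes(instances: dict, expected=EXPECTED_ALTITUDES) -> list:
    """Findings: non-positive or non-numeric altitudes (never legitimate),
    known security filters whose altitude was changed or whose instance key is
    gone, and unknown filters that attach above the expected security filters
    and therefore see every I/O request before them."""
    findings, parsed = [], {}
    for (service, instance), raw in instances.items():
        try:
            alt = int(raw)
        except ValueError:
            alt = -1
        parsed[(service, instance)] = alt
        if alt <= 0:
            findings.append({"service": service, "instance": instance,
                             "issue": f"altitude {raw!r} is not a positive integer"})
        elif service in expected and alt != expected[service]:
            findings.append({"service": service, "instance": instance,
                             "issue": f"altitude {alt}, expected {expected[service]}"})
    seen = {service for service, _ in instances}
    for service, alt in expected.items():
        if service not in seen:
            findings.append({"service": service, "instance": None,
                             "issue": f"no Instances key (expected altitude {alt})"})
    top = max(expected.values())
    for (service, instance), alt in parsed.items():
        if service not in expected and alt > top:
            findings.append({"service": service, "instance": instance,
                             "issue": f"third-party filter at {alt} attaches above "
                                      f"the expected security filters (max {top})"})
    return findings


if __name__ == "__main__":
    for f in audit_altitudes(parse_instances(SAMPLE_REG)):
        print(f"[!] {f['service']} / {f['instance']}: {f['issue']}")
```

The "attaches above" finding is informational: other anti-malware and backup products legitimately register above 328010, so keep an allowlist of known filter names and treat only unfamiliar ones as leads. Compare the export with `fltmc filters` output on the live system as well; a filter present in the registry but absent from fltmc is exactly the symptom the altitude tampering produces after a reboot.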
Once launched, the backdoor establishes contact with a C2 server ("avocadomechanism[.]com" or "potherbreference[.]com") over TCP on port 443, using the communication channel to receive commands. The backdoor commands include creating temporary files for incoming data, downloading files, canceling downloads, establishing a remote shell via pipe, receiving operator commands, terminating the shell, uploading files, canceling uploads, and closing the connection. The use of TONESHELL has been attributed to Mustang Panda since at least late 2022. As recently as September 2025, the threat actor was linked to attacks targeting Thai entities with TONESHELL and a USB worm named TONEDISK (aka WispRider) that uses removable devices as a distribution vector for a backdoor referred to as Yokai. The C2 infrastructure used for TONESHELL was set up in September 2024, although there are indications that the campaign itself did not commence until February 2025. The exact initial access pathway used in the attack is not clear, but it is suspected that the attackers abused previously compromised machines to deploy the malicious driver. Memory forensics is key to analyzing the new TONESHELL infections, as the shellcode executes entirely in memory. HoneyMyte's 2025 operations show a noticeable evolution toward using kernel-mode injectors to deploy ToneShell, improving both stealth and resilience. The Chinese espionage threat group Mustang Panda has also updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. CoolClient has been associated with Mustang Panda since 2022, deployed as a secondary backdoor alongside PlugX and LuminousMoth. The updated version has been observed in attacks targeting government entities in Myanmar, Mongolia, Malaysia, Russia, and Pakistan and was deployed via legitimate software from Sangfor, a Chinese company specialized in cybersecurity, cloud computing, and IT infrastructure products.
CoolClient uses encrypted .DAT files in a multi-stage execution and achieves persistence via Registry modifications, the addition of new Windows services, and scheduled tasks. It also supports UAC bypassing and privilege escalation. CoolClient's core features are integrated in a DLL embedded in a file called main.dat. When launched, it first checks whether the keylogger, clipboard stealer, and HTTP proxy credential sniffer are enabled. New CoolClient capabilities include a clipboard monitoring module, the ability to perform active window title tracking, and HTTP proxy credential sniffing that relies on raw packet inspection and headers extraction. The plugin ecosystem has been expanded with a dedicated remote shell plugin, a service management plugin, and a more capable file management plugin. The service management plugin allows the operators to enumerate, create, start, stop, delete, and modify the startup configuration of Windows services. The file management plugin provides extended file operations, including drive enumeration, file search, ZIP compression, network drive mapping, and file execution. Remote shell functionality is implemented via a separate plugin that spawns a hidden cmd.exe process and redirects its standard input and output through pipes, enabling interactive command execution over the command-and-control (C2) channel. A novelty in CoolClient’s operation is the deployment of infostealers to collect login data from browsers. Kaspersky documented three distinct families targeting Chrome (variant A), Edge (variant B), and a more versatile variant C that targets any Chromium-based browser. Another notable operational shift is that browser data theft and document exfiltration now leverage hardcoded API tokens for legitimate public services like Google Drive or Pixeldrain to evade detection.