'Harmless' Global Adware Transforms Into an AV Killer

Summary

A previously benign adware campaign, Dragon Boss, has evolved to become a significant threat by incorporating capabilities to evade Windows Defender. The update, released in March 2025, establishes persistence through scheduled tasks and manipulates system settings to exclude future malicious payloads from antivirus detection.

IFF Assessment

FOE

This is bad news for defenders because a previously low-risk threat has evolved to actively evade critical security software like Windows Defender.

Defender Context

This development highlights the constant cat-and-mouse game between threat actors and defensive measures. Defenders need to remain vigilant about the evolving tactics of even seemingly minor threats, as they can quickly gain more sophisticated evasion techniques. Anomalous scheduled tasks and unusual exclusions in security software are the key indicators to monitor for.
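
As an added illustration of the monitoring suggested above (not taken from the original story), this Python example flags Microsoft Defender configuration-change events (ID 5007) that add an exclusion, and raises the severity when a scheduled task was created (Security event ID 4698) on the same host shortly before. The record field names, the 10-minute window and the sample events are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry); field names are assumed.
# 4698 = scheduled task created (Security log)
# 5007 = Defender configuration changed (Defender Operational log)
SAMPLE_EVENTS = [
    {"host": "WS-01", "time": "2025-03-10T09:00:05", "id": 4698,
     "task": "\\ExampleUpdater"},
    {"host": "WS-01", "time": "2025-03-10T09:02:40", "id": 5007,
     "new_value": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions"
                  "\\Paths\\C:\\ProgramData\\example = 0x0"},
    {"host": "WS-02", "time": "2025-03-10T11:15:00", "id": 5007,
     "new_value": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender"
                  "\\Spynet\\SpyNetReporting = 0x2"},
    {"host": "WS-03", "time": "2025-03-10T12:00:00", "id": 5007,
     "new_value": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions"
                  "\\Extensions\\.tmp = 0x0"},
]

# Matches a value written under the Defender Exclusions key: (kind, target).
EXCLUSION_RE = re.compile(r"\\Windows Defender\\Exclusions\\(\w+)\\(.+?)\s*=\s*\S+$")
WINDOW = timedelta(minutes=10)  # assumed correlation window


def find_exclusion_alerts(events, window=WINDOW):
    """Return one alert per exclusion added; 'high' if a task preceded it."""
    tasks = {}  # host -> [(creation time, task name)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4698:
            tasks.setdefault(ev["host"], []).append((when, ev["task"]))
        elif ev["id"] == 5007:
            m = EXCLUSION_RE.search(ev.get("new_value", ""))
            if not m:
                continue  # some other Defender setting changed, not an exclusion
            recent = [name for t, name in tasks.get(ev["host"], [])
                      if timedelta(0) <= when - t <= window]
            alerts.append({"host": ev["host"], "kind": m.group(1),
                           "target": m.group(2), "tasks": recent,
                           "severity": "high" if recent else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in find_exclusion_alerts(SAMPLE_EVENTS):
        print(alert)
```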
