[-] frongt@lemmy.zip 15 points 4 months ago

In live incidents, SoupDealer bypassed host‐based antivirus checks by confirming no security products were active before proceeding.

That's a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don't see any investigation on the C2 connection, either, so I'm left wondering who the attacked and intended targets are.

[-] Hirom@beehaw.org 2 points 4 months ago

And it downloads Tor to connect to C2. So it's a machine with Internet access AND without security measures.

So it might be a target with poor IT. A Windows machine shouldn't be left without AV, especially if it has Internet access.

this post was submitted on 16 Aug 2025
cybersecurity