this post was submitted on 16 Aug 2025
33 points (100.0% liked)

[–] frongt@lemmy.zip 14 points 1 day ago (1 children)

In live incidents, SoupDealer bypassed host‐based antivirus checks by confirming no security products were active before proceeding.

That's a pretty narrow victim demographic. Windows has Defender enabled out of the box. I don't see any investigation on the C2 connection, either, so I'm left wondering who the attacked and intended targets are.

[–] Hirom@beehaw.org 2 points 1 day ago

And it downloads Tor to connect to C2. So it's a machine with Internet access AND without security measures.

So it might be a target with poor IT. A Windows machine shouldn't be left without AV, especially if it has Internet access.

[–] sad_detective_man@leminal.space 5 points 1 day ago (2 children)

Why would somebody only target machines in Turkey?

[–] hakki@floss.social 1 points 18 hours ago

@sad_detective_man @cm0002 Turkey is also somehow a border of NATO - that can also be a key

[–] ButtermilkBiscuit@feddit.nl 5 points 1 day ago (1 children)

Greece has entered the chat

[–] sad_detective_man@leminal.space 5 points 1 day ago (1 children)

oh wait. yeah, look I'm not a smart man

[–] lurch@sh.itjust.works 5 points 1 day ago

I'm a smart man and I think your question still stands. Why shouldn't they get along like normal people. (Intentionally no question mark.)
