Akira Campaign Exploits Intel Driver to Disable Antivirus

21 Aug 2025

In the digital landscape, where security is paramount, the Akira ransomware emerges as a critical threat. Utilizing an unexpected vector, this campaign leverages a legitimate Intel CPU tuning driver to undermine Microsoft Defender’s robust defenses on Windows 11 systems.

Exploiting System Vulnerabilities

The attackers cleverly exploit the signed driver rwdrv.sys, originally used by the CPU tuning software ThrottleStop, by registering it as a service. This registration grants them kernel-level access, a powerful entry point in the Windows operating system. This method, identified by experts as a Bring Your Own Vulnerable Driver (BYOVD) attack, facilitates the deployment of a secondary, malicious driver hlpdrv.sys.

Once installed, this secondary driver exploits the system further by modifying the Microsoft Defender's DisableAntiSpyware registry setting through regedit.exe. This manipulation effectively turns off the built-in antivirus protections, leaving the system exposed to further attacks.

Preventive Measures and Mitigation Strategies

Researchers from Guidepoint Security have taken proactive measures to combat this threat. They have developed and published a YARA rule alongside indicators of compromise to aid cybersecurity professionals in detecting Akira-related activities. As these indicators emerge, applying filters and blocks is recommended to thwart potential breaches.

  • Monitor for Akira-related activities consistently.
  • Apply suggested filters and blocks promptly.
  • Download software strictly from official and trusted sources.

In response to this threat, experts underscore the importance of constant vigilance and adopting robust security measures, urging users to restrict software downloads to verified and trustworthy sources only.

The early detection of the Akira campaign has allowed researchers and cybersecurity teams to develop sufficient mitigations, emphasizing collaboration and timely intervention as key elements in safeguarding against such sophisticated cyber threats.

Update: 21 Aug 2025

Top charts for Desktop Windows

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
7508546
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1735202
downloads
WinRAR

WinRAR

Streamline file management with fast compression, secure your documents, and save space.

5
735 reviews
746688
downloads
Minecraft

Minecraft

Shape environments, explore vast worlds, and survive against monsters with endless creativity.

5
750 reviews
495159
downloads

News and reviews for Desktop Windows

Visio 2021 Professional Now $9.97 Until February 8

Visio 2021 Professional Now $9.97 Until February 8

Microsoft offers Visio 2021 Professional for $9.97, down from $249, with added templates, until February 8.

Read more
Code Vein Offers Stylish Combat, Discounted Editions

Code Vein Offers Stylish Combat, Discounted Editions

Code Vein captivates with anime-style combat and offers discounted editions. Fast-paced action meets fun builds in this cult classic.

Read more
Microsoft Phases Out RC4 in Kerberos for Windows Security

Microsoft Phases Out RC4 in Kerberos for Windows Security

Microsoft to eliminate RC4 in Kerberos by July 2026, enhancing Windows security.

Read more
Highguard Faces Criticism but Shows Potential for Growth

Highguard Faces Criticism but Shows Potential for Growth

Highguard, launched with controversy, holds potential despite poor reviews. Offering genre innovation, it aims to evolve against negative feedback.

Read more
PS2Recomp Boosts Native PS2 Games with Recompilation

PS2Recomp Boosts Native PS2 Games with Recompilation

PS2Recomp, a new tool, promises enhanced native PS2 game ports, sparking interest among developers for PC platforms.

Read more
NVIDIA Introduces RTX Remix Logic for Classic Game Mods

NVIDIA Introduces RTX Remix Logic for Classic Game Mods

NVIDIA's RTX Remix Logic, launched on 2026-01-27, enables dynamic modding of classic PC games with a no-code node-based interface.

Read more
Windows 11 Update KB5074109 Affects Legacy Modems

Windows 11 Update KB5074109 Affects Legacy Modems

The Windows 11 update KB5074109 disrupts modems by removing several legacy drivers, causing connectivity issues for select users.

Read more
Anytype Replaces Notion, Obsidian, and Todoist for Unified Workflow

Anytype Replaces Notion, Obsidian, and Todoist for Unified Workflow

Anytype consolidates Notion, Obsidian, and Todoist functions, reducing context-switching and improving workflow efficiency.

Read more
ReBlade: Cyberpunk Roguelike Announced by ChillyRoom

ReBlade: Cyberpunk Roguelike Announced by ChillyRoom

ReBlade from ChillyRoom and Spiral Up Games announced for PC: cyberpunk roguelike offers high-speed action in a dystopian setting.

Read more
Artorias Battles Elden Ring Bosses in New Video Showcase

Artorias Battles Elden Ring Bosses in New Video Showcase

Artorias from Dark Souls faces Elden Ring bosses, demonstrating impressive skills in Fights' YouTube video.

Read more
All article