Feb 04 2026 EDR killer tool uses signed kernel driver from forensic software

Source

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. [...]