New Phoenix Keylogger tries to stop over 80 security products to avoid detection

Sophistication in info stealing…:

[…] In addition, Phoenix has also gained an aggressive anti-AV and anti-VM module that tries to keep the malware from being detected and analyzed while deployed “in the field.”

Both modules work in the same way, coming with a list of preset process names that Phoenix will attempt to shut down before continuing to operate.

The list includes the names of more than 80 well-known security products and virtual machine (VM) technologies, often used for malware reverse engineering and analysis.


Original Article
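
A defender's view of the behavior described in the excerpt, as an added example that is not from the original article: it flags any process that requests terminate access on several watchlisted security or VM processes within a short window. The event tuples mimic Sysmon Event ID 10 (ProcessAccess) fields and are constructed; the watchlist names, paths, threshold and window are assumptions, not Phoenix's actual list.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PROCESS_TERMINATE = 0x0001  # Windows access right required to terminate a process

# Hypothetical watchlist of protected process names (placeholders, NOT Phoenix's list).
WATCHLIST = {"av_agent.exe", "edr_sensor.exe", "vm_tools.exe", "sandbox_svc.exe"}

# Constructed events shaped like Sysmon Event ID 10 (ProcessAccess):
# (UtcTime, SourceImage, TargetImage, GrantedAccess)
SUSPECT = r"C:\Users\u\AppData\Roaming\sample.exe"
AV, EDR, VM = (r"C:\Program Files\AV\av_agent.exe",
               r"C:\Program Files\EDR\edr_sensor.exe",
               r"C:\Program Files\VM\vm_tools.exe")
SAMPLE_EVENTS = [
    ("2024-01-01 10:00:00", SUSPECT, AV, "0x1"),
    ("2024-01-01 10:00:01", SUSPECT, EDR, "0x1fffff"),  # all-access includes terminate
    ("2024-01-01 10:00:02", SUSPECT, VM, "0x1"),
    ("2024-01-01 10:00:02", SUSPECT, r"C:\Windows\notepad.exe", "0x1"),  # not watchlisted
    # Query-only access (no terminate bit), e.g. an inventory tool: ignored.
    ("2024-01-01 10:01:00", r"C:\Tools\inventory.exe", AV, "0x1000"),
    ("2024-01-01 10:01:01", r"C:\Tools\inventory.exe", EDR, "0x1000"),
    ("2024-01-01 10:01:02", r"C:\Tools\inventory.exe", VM, "0x1000"),
    # Terminate access spread over minutes: never three targets in one window.
    ("2024-01-01 10:00:00", r"C:\Tools\slow.exe", AV, "0x1"),
    ("2024-01-01 10:05:00", r"C:\Tools\slow.exe", EDR, "0x1"),
    ("2024-01-01 10:10:00", r"C:\Tools\slow.exe", VM, "0x1"),
]

def find_kill_sweeps(events, watchlist=WATCHLIST, threshold=3,
                     window=timedelta(seconds=30)):
    """Map each source image to the watchlisted targets it requested terminate
    access on, when >= threshold distinct targets fall inside one window."""
    hits = defaultdict(list)
    for ts, src, tgt, access in events:
        name = tgt.rsplit("\\", 1)[-1].lower()
        if name in watchlist and int(access, 16) & PROCESS_TERMINATE:
            hits[src].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for src, rows in hits.items():
        rows.sort()
        start = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:  # slide window start forward
                start += 1
            targets = {name for _, name in rows[start:end + 1]}
            if len(targets) >= threshold and len(targets) > len(alerts.get(src, [])):
                alerts[src] = sorted(targets)
    return alerts

if __name__ == "__main__":
    print(find_kill_sweeps(SAMPLE_EVENTS))
```

Because legitimate management tools also open security processes with broad access rights, the distinct-target threshold and time window need tuning against a baseline of the environment.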