Cyberattacks: ransomware and infostealers hijacking a Windows automation tool

Detecting malware such as ransomware and infostealers is the first step; however, the second step is fending off the attack. Particularly when attackers co-opt legitimate Windows tools such as Autolt to carry out their misdeeds. But what happens when a security solution cannot cope with it and does not detect the attackers, or if it does, what if it cannot put a stop to them? Answers to these questions are found in the latest Advanced Threat Protection test – ATP test for short. The test uses 10 real-world scenarios to examine whether a security solution is capable of deploying its entire arsenal of additional protection tools and defending the system as promised. If it is not possible, then the ransomware or infostealer attack was successful. But not to worry here, because our test shows that the security solutions are up to the task.

Even experts find it difficult to keep track of things with all the hacker groups that are out there. New groups are constantly appearing on the scene and renting out their infrastructure to so-called “affiliates” (i.e., criminal partners who execute the attacks) as Ransomware-as-a-Service (RaaS). This only increases the number of threats circulating online. Of course, there are also dark web services for infostealers and other malware.

No matter whether it’s Qilin, Play, Cl0p, RansomHub or Akira, hacker groups all use the latest attack methods and delivery routes available, adapting their malware – often by employing AI technology. But they are not the only ones capable of adaptation: The Advanced Threat Protection test adapts its testing every 2 months as well and incorporates these attack methods for the malware used in the test. […]

LINK: www.av-test.org/en/news/cyberattacks-ransomware-and-infostealers-hijacking-a-windows-automation-tool/

Here is an overview of the article: 

  • High level of defense against dangerous ransomware and infostealers
  • The 10 test scenarios
  • The ATP test of 8 security packages for consumer users
  • The ATP test of 9 security solutions for corporate users
  • The ATP test with many excellent scores

Due to the size of the file, the full set of charts and results from this test-run are not attached, but you can download them from here (about 15 MB): www.av-test.org/fileadmin/Tests/Mediapacks/2026/AV-TEST_2026-04_Advanced_Threat_Protection_review_mediapack.zip

The attached data can be used to create at-a-glance overviews or statistics of the test results, starting immediately (there is no embargo).

You are free to use the results as a basis for your own reviews, as long as a reference to "AV-TEST Institute" – with an active link to our website:
www.av-test.org – is given as source. Thank you!

Über die AV-TEST – SITS Deutschland GmbH

AV-TEST is an independent supplier of services in the fields of IT Security and Antivirus Research, focusing on the detection and analysis of the latest malicious software and its use in comprehensive comparative testing of security products.

Due to the timeliness of the testing data, malware can instantly be analyzed and categorized, trends within virus development can be detected early, and IT-security solutions can be tested and certified. The AV-TEST Institute’s results provide an exclusive basis of information helping vendors to optimize their products, special interest magazines to publish research data, and end users to make good product choices.

AV-TEST has operated out of Magdeburg (Germany) since 2004 and employs more than 30 team members, professionals with extensive practical experience. The AV-TEST laboratories include 500 client and server systems, where more than 3,500 terabyte of independently-collected test data, containing both malicious and harmless sample information, are stored and processed.

Firmenkontakt und Herausgeber der Meldung:

AV-TEST – SITS Deutschland GmbH
Klewitzstraße 7
39112 Magdeburg
Telefon: +49 391 6075460
https://www.av-test.org

Ansprechpartner:
Erik Heyland
E-Mail: presse@av-test.com
Für die oben stehende Story ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.

counterpixel