Antiy AVL SDK Anti-virus Engine Upgrade Announcement (20250614)
1. Weekly Update
Statistical period: June 7, 2025 ~ June 13, 2025
Antiy AVL SDK anti-virus engine released a total of 84 virus database updates this week, with an average of 12 updates per day, adding 16 new detectable malware families, 3,509 new detectable malware variants, and 63,480 new detection rules.
The following table shows the TOP5 newly detectable malware families:
Number | Virus Name | Virus Description
1 | Trojan/Win64.BungeeDropper[Dropper] | A Trojan that usually disguises itself as a legitimate file or application and lures users into downloading and installing it through social engineering. Once running, it carries out its malicious functions on the infected computer, which may lead to consequences such as system crashes and data leakage.
2 | HackTool/Win64.FreshyCalls | A hacking tool typically used for malicious communication, remote control, or process injection. It employs techniques such as fileless execution, code obfuscation, and in-memory loading to evade detection, and is often used by attackers to plant backdoors or steal data. (The name matches a publicly documented direct-syscall technique for bypassing user-mode API hooks.)
3 | Trojan/Win64.ChainLoader | A Trojan that typically conducts covert attacks through process injection, dynamic API resolution, or encrypted payloads, and relies on a C2 server for follow-on instructions, which can lead to data leakage, system paralysis, or intranet intrusion.
4 | Trojan/PowerShell.ShortGrab | A Trojan implemented mainly in PowerShell. It can carry out various attacks through its malicious behaviors and is highly concealed, making it difficult for anti-virus software to detect.
5 | HackTool/Win64.Hijkthrd[VirTool] | A hacking tool that mainly spreads by infiltrating user systems through operating system or software vulnerabilities, hiding its malicious programs in the system to steal user information and damage system functions, posing a serious threat to the system.
(Ranked by the number of distinct sample hashes per family within the period.)
For more related content, please visit www.virusview.net (the Computer Virus Encyclopedia).
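The names in the table above follow the sectioned Type/Platform.Family[Tag] layout that the appendix describes as the engine's CARO-style naming (classification, environment, family). The parser below is an added example, not Antiy code; its grammar is inferred only from the five names printed above, and the field names and the optional bracketed tag are this example's assumptions.

```python
"""Parse AVL SDK detection names of the form Type/Platform.Family[Tag].

Added example, not Antiy code. The grammar is inferred from the five names in
the TOP5 table above (e.g. Trojan/Win64.BungeeDropper[Dropper]); the field
names and the optional-tag rule are this example's assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed grammar: <type>/<platform>.<family>[<tag>], bracketed tag optional.
_NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+)/(?P<platform>[A-Za-z0-9]+)\."
    r"(?P<family>[A-Za-z0-9_-]+)(?:\[(?P<tag>[A-Za-z0-9_-]+)\])?$"
)

# Constructed input: the TOP5 names printed in the table above.
TOP5_NAMES: List[str] = [
    "Trojan/Win64.BungeeDropper[Dropper]",
    "HackTool/Win64.FreshyCalls",
    "Trojan/Win64.ChainLoader",
    "Trojan/PowerShell.ShortGrab",
    "HackTool/Win64.Hijkthrd[VirTool]",
]


@dataclass(frozen=True)
class DetectionName:
    type: str            # malware class, e.g. Trojan, HackTool
    platform: str        # target environment, e.g. Win64, PowerShell
    family: str          # family name, e.g. BungeeDropper
    tag: Optional[str]   # optional role tag in brackets, e.g. Dropper, VirTool


def parse_name(name: str) -> DetectionName:
    """Split a detection name into its sections; raise ValueError if malformed."""
    m = _NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Type/Platform.Family[Tag] name: {name!r}")
    return DetectionName(m["type"], m["platform"], m["family"], m["tag"])


def summarize(names: List[str]) -> Dict[Tuple[str, str], int]:
    """Count names per (type, platform) pair, skipping malformed entries."""
    counts: Counter = Counter()
    for n in names:
        try:
            d = parse_name(n)
        except ValueError:
            continue  # keep the batch going; a bad name is not a crash
        counts[(d.type, d.platform)] += 1
    return dict(counts)


def families_with_tag(names: List[str], tag: str) -> List[str]:
    """Return the family names carrying a given bracketed tag, e.g. 'Dropper'."""
    return [d.family for d in map(parse_name, names) if d.tag == tag]


if __name__ == "__main__":
    for n in TOP5_NAMES:
        print(parse_name(n))
    print(summarize(TOP5_NAMES))
    print(families_with_tag(TOP5_NAMES, "Dropper"))
```

Splitting the name this way lets a pipeline route on the class (for example, treat every `[Dropper]` hit as a trigger to hunt for the dropped payload) instead of matching on the whole string.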
2. Full Detection Capabilities
As of 24:00 on June 13, 2025, the AVL SDK anti-virus engine can detect 18,071,169 malware variants belonging to 57,053 malware families across 8 basic categories, with a total of 40,831,871 detection rules.
The detection capabilities and the number of rules, broken down by malware category, are as follows:
Type | Detectable malware variants | Detection rules
Infectious viruses | 58,258 | 6,939,032
Worms | 305,055 | 3,992,406
Trojans | 13,080,229 | 24,494,517
Hacking tools | 445,891 | 344,265
Risk tools | 1,194,262 | 2,147,009
Rogue software | 2,987,450 | 2,913,494
Junk files | 10 | 1,100
Test programs (for self-test) | 14 | 48
Total | 18,071,169 | 40,831,871
Preprocessing Capabilities (partial):
The engine can unpack 31 types of executable packers and recognize or extract 132 types of archive formats (including self-extracting archives).
Supporting Knowledge Output Capabilities:
For malware payloads, the AVL SDK works together with the malware knowledge base to output 533 types of key behavior mapping tags and 139 types of ATT&CK technique and tactic tags, a coverage rate of 64.29%, which essentially covers all the tags in the ATT&CK framework that can be assigned from static detection.
3. Be on Guard Against These Virus Families This Week
Recently, Antiy Labs detected an active Trojan sample, Trojan/Win64.BungeeDropper[Dropper], on the Windows platform. The sample was captured in June 2025. The family reaches the victim's host through channels such as download sites. BungeeDropper uses process injection to deliver its payload, and may carry out further behaviors that harm the victim's host, such as deploying backdoor malware.
3.1 Overview of the BungeeDropper Trojan Family
Family name | BungeeDropper
Appearance time | June 2025
Transmission pathways | Download sites
Targeted system | Windows
Technical features | Process injection
Main hazards | Data manipulation
Utilized components / related families | Sliver
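The page characterizes BungeeDropper by one technical feature, process injection, and by a download-site infection path. On a Windows host with Sysmon installed, that behavior surfaces in two events: Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess). The detector below is an added example, not Antiy's detection logic and not derived from the BungeeDropper sample. The event records, file paths, access masks and the allowlist are constructed for the example; the process access-right constants are the real winnt.h values.

```python
"""Flag process-injection indicators in Sysmon event records.

Added example, not Antiy's detection logic. It checks the two Sysmon events
that surface CreateRemoteThread-style injection: Event ID 8 (CreateRemoteThread)
and Event ID 10 (ProcessAccess). Event records, paths and masks below are
constructed; the Windows access-right constants are real.
"""
from typing import Dict, List

# Process access rights (winnt.h). Write + allocate + create thread is the
# minimum an injector needs on a handle to the target process.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Directories a download-site dropper typically runs from (assumption).
USER_WRITABLE_DIRS = ("\\downloads\\", "\\temp\\", "\\appdata\\", "\\public\\")

# Sources allowed to open other processes with write access (example allowlist).
ALLOWLISTED_SOURCES = {"c:\\program files\\windows defender\\msmpeng.exe"}

# Constructed Sysmon records, fields named as in Sysmon's EventData.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "8", "SourceImage": r"C:\Users\bob\Downloads\setup_update.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartAddress": "0x000001C4B2A10000",
     "StartModule": "", "StartFunction": ""},
    {"EventID": "10", "SourceImage": r"C:\Users\bob\Downloads\setup_update.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x1FFFFF",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4|UNKNOWN(000001C4B2A13A20)"},
    {"EventID": "10", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x1410",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d4e4"},
    {"EventID": "8", "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartAddress": "0x00007FFB1C3A2B70",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "RtlUserThreadStart"},
]


def _from_user_writable(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in USER_WRITABLE_DIRS)


def injection_reasons(ev: Dict[str, str]) -> List[str]:
    """Return the injection indicators present in one event (empty list = benign)."""
    reasons: List[str] = []
    src = ev.get("SourceImage", "")
    tgt = ev.get("TargetImage", "")
    if src.lower() in ALLOWLISTED_SOURCES or src == tgt:
        return reasons
    if ev.get("EventID") == "8":
        # A remote thread whose start address is not backed by any loaded
        # module points at shellcode or a manually mapped payload.
        if not ev.get("StartModule"):
            reasons.append("remote thread start address not backed by a module")
        if _from_user_writable(src):
            reasons.append("remote thread created from a user-writable directory")
    elif ev.get("EventID") == "10":
        granted = int(ev.get("GrantedAccess", "0x0"), 16)
        if (granted & INJECT_MASK) == INJECT_MASK:
            reasons.append(f"handle with write+create-thread rights (0x{granted:X})")
        # Sysmon renders call-stack frames outside any module as UNKNOWN(addr).
        if "UNKNOWN(" in ev.get("CallTrace", ""):
            reasons.append("OpenProcess call trace passes through unbacked memory")
    return reasons


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run the checks over a batch of events; one alert per flagged event."""
    alerts: List[Dict[str, object]] = []
    for ev in events:
        reasons = injection_reasons(ev)
        if reasons:
            alerts.append({"EventID": ev["EventID"], "SourceImage": ev["SourceImage"],
                           "TargetImage": ev["TargetImage"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The two benign records matter as much as the two malicious ones: a security product opening a process with query/read rights (0x1410) and a system process creating a module-backed remote thread both pass, so the rule keys on the combination of write-capable access, unbacked start addresses and a user-writable source path rather than on CreateRemoteThread alone.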
3.2 Recommendations for Protection
For this Trojan, Antiy recommends the following protective measures:
(1) Install endpoint anti-virus software: Use host anti-virus and protection products built on the AVL SDK engine, such as the Antiy Intelligent Endpoint Protection System. Users of Antiy IEP should keep the ransomware defense module enabled (it is enabled by default).
(2) Enhance password strength: Avoid weak passwords. Use passwords of 16 characters or more that combine uppercase and lowercase letters, numbers, and symbols, and never reuse the same password across multiple servers.
(3) Rotate passwords regularly: Change system passwords periodically so that a leaked password does not remain usable for an intrusion.
(4) Apply patches promptly: Enable automatic updates for system patches, and keep vulnerable components such as servers, databases, and middleware patched in a timely manner.
(5) Close high-risk ports: Expose the minimum set of services externally and close unused high-risk ports such as 3389 (RDP), 445 (SMB), 139 (NetBIOS session), and 135 (RPC endpoint mapper).
(6) Email security: Handle suspicious emails carefully; do not download unknown attachments or click unfamiliar links.
(7) Restrict PowerShell: If PowerShell is not needed, disable it. Note that PowerShell is a built-in Windows component that cannot simply be uninstalled on current systems, so in practice this means constraining it with AppLocker or WDAC (Constrained Language Mode) and enabling script block logging so that any use is recorded.
(8) Back up data regularly: Back up important files on a schedule, and keep the backups isolated from the host.
Antiy Emergency Response Service
Antiy continuously helps users build an effective defense system against network attacks and realize tangible security value.
National service hotline: 400-840-9234
Service support email: support@antiy.cn
Be Vigilant Against New Threats, Fortify Data Defenses!
Appendix: Introduction to Antiy AVL SDK Anti-Virus Engine
Antiy AVL SDK anti-virus engine is a threat detection capability middleware developed by Antiy for all architectures and system platforms. By embedding the AVL SDK, Antiy products and ecosystem partners’ products can acquire virus and malware detection capabilities, and receive continuous updates through the virus database.
Across eight malware categories (infectious viruses, worms, Trojans, hacking tools, rogue software, risk tools, junk files, and test files), it accurately identifies and detects over 50,000 families and 18 million malware variants. Its detection capability covers all known malware and strictly adheres to the CARO naming convention: output names are structured in sections by classification, environment, and family, and, based on the behavioral capabilities of malicious samples, the engine emits nearly a hundred malicious-behavior tags for typical behaviors such as ransomware encryption, data theft, remote control, botnet activity, and mining. The Antiy engine recognizes over 300 file formats and performs in-depth preprocessing of compiled executable formats such as PE and ELF. It recursively unpacks archives of many kinds (including self-extracting archives) and conducts structural analysis of compound documents such as OFFICE and ACAD files that may carry embedded scripts or exploit-prone formats, giving it high robustness against malware. The engine also ships with a trusted file signature library, so products can enforce security policies based on blacklist and whitelist controls, significantly raising the bar for attackers.
Antiy’s detection capabilities can be fully deployed locally. Antiy automatically analyzes and processes over 2 million new file objects on average every day and releases a virus database update every two hours. It also provides support services such as cloud detection, cloud analysis, and computer virus encyclopedia.
Antiy AVL SDK is available in versions for traditional PC hosts, smart terminals, network traffic, IT application innovation systems, industrial systems, and unmanned systems. It provides threat detection for scenarios including host system and workload security, network traffic security, business flow security, and email and file service security. It fully supports architectures such as x86, ARM, MIPS (including Cavium), RISC, and PowerPC; supports mainstream operating systems including domestic operating systems, Linux, and Windows, as well as real-time industrial operating systems such as VxWorks; and supports high-speed detection in backbone network scenarios.
Antiy AVL SDK empowers over 100 industry partners. In addition to Antiy’s own product deployment, Antiy Engine has cumulatively covered more than 4 billion nodes (including mobile terminals, secure and controllable PC endpoints, cloud-native nodes, network devices, network security devices, etc.), providing inherent security detection capabilities for mobile phones and smart terminals. The main partners using Antiy Engine include mobile phone enterprises such as Huawei, Xiaomi, Honor, VIVO and OPPO, large Internet enterprises such as Ant Financial, and several listed cybersecurity companies. Partner products using Antiy Engine have won internationally renowned evaluation awards such as AV-TEST and NSS Labs. The “L Tomahawk” logo of AVL SDK has become a symbol of reliable anti-virus capabilities.
All of Antiy's products, including but not limited to the IEP security protection product family, Unified Workload Protect, the Persistent Threat Detection System (PTD), the Persistent Threat Analysis System (PTA), the Attack Capture System, and the Qingzhu Zhiyu WAF, use the Antiy anti-virus engine.
The AVL SDK anti-virus engine has been under development since 2001 and has undergone significant version upgrades and iterations. It has successively received support from key national initiatives, including: the Ministry of Science and Technology’s Innovation Fund for Technology-based Firms (2004), the Ministry of Science and Technology’s National High-Tech R&D Program (863 Program) (2006), the National Development and Reform Commission’s Information Security Special Project (2008), and the Ministry of Industry and Information Technology’s Engineering Special Project (2019). The mobile version of AVL SDK won the 2014 AV-TEST Best Protection Award for Mobile Devices. Products powered by the AVL SDK, Antiy PTD and PTA, won first place in both the first and second National Cybersecurity Technology Challenge competitions hosted by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC).