Cyberattacks: ransomware and infostealers hijacking a Windows automation tool
Detecting malware such as ransomware and infostealers is the first step; however, the second step is fending off the attack.

(PresseBox) - Detecting malware such as ransomware and infostealers is the first step; however, the second step is fending off the attack. Particularly when attackers co-opt legitimate Windows tools such as Autolt to carry out their misdeeds. But what happens when a security solution cannot cope with it and does not detect the attackers, or if it does, what if it cannot put a stop to them? Answers to these questions are found in the latest Advanced Threat Protection test – ATP test for short. The test uses 10 real-world scenarios to examine whether a security solution is capable of deploying its entire arsenal of additional protection tools and defending the system as promised. If it is not possible, then the ransomware or infostealer attack was successful. But not to worry here, because our test shows that the security solutions are up to the task.
Even experts find it difficult to keep track of things with all the hacker groups that are out there. New groups are constantly appearing on the scene and renting out their infrastructure to so-called “affiliates” (i.e., criminal partners who execute the attacks) as Ransomware-as-a-Service (RaaS). This only increases the number of threats circulating online. Of course, there are also dark web services for infostealers and other malware.
No matter whether it’s Qilin, Play, Cl0p, RansomHub or Akira, hacker groups all use the latest attack methods and delivery routes available, adapting their malware – often by employing AI technology. But they are not the only ones capable of adaptation: The Advanced Threat Protection test adapts its testing every 2 months as well and incorporates these attack methods for the malware used in the test. [...]
LINK: www.av-test.org/en/news/cyberattacks-ransomware-and-infostealers-hijacking-a-windows-automation-tool/
Here is an overview of the article:
High level of defense against dangerous ransomware and infostealers
The 10 test scenarios
The ATP test of 8 security packages for consumer users
The ATP test of 9 security solutions for corporate users
The ATP test with many excellent scores
Due to the size of the file, the full set of charts and results from this test-run are not attached, but you can download them from here (about 15 MB): www.av-test.org/fileadmin/Tests/Mediapacks/2026/AV-TEST_2026-04_Advanced_Threat_Protection_review_mediapack.zip
The attached data can be used to create at-a-glance overviews or statistics of the test results, starting immediately (there is no embargo).
You are free to use the results as a basis for your own reviews, as long as a reference to "AV-TEST Institute" - with an active link to our website:
www.av-test.org - is given as source. Thank you!
AV-TEST is an independent supplier of services in the fields of IT Security and Antivirus Research, focusing on the detection and analysis of the latest malicious software and its use in comprehensive comparative testing of security products.
Due to the timeliness of the testing data, malware can instantly be analyzed and categorized, trends within virus development can be detected early, and IT-security solutions can be tested and certified. The AV-TEST Institute’s results provide an exclusive basis of information helping vendors to optimize their products, special interest magazines to publish research data, and end users to make good product choices.
AV-TEST has operated out of Magdeburg (Germany) since 2004 and employs more than 30 team members, professionals with extensive practical experience. The AV-TEST laboratories include 500 client and server systems, where more than 3,500 terabyte of independently-collected test data, containing both malicious and harmless sample information, are stored and processed.
Unternehmensinformation / Kurzprofil:
AV-TEST is an independent supplier of services in the fields of IT Security and Antivirus Research, focusing on the detection and analysis of the latest malicious software and its use in comprehensive comparative testing of security products.
Due to the timeliness of the testing data, malware can instantly be analyzed and categorized, trends within virus development can be detected early, and IT-security solutions can be tested and certified. The AV-TEST Institute’s results provide an exclusive basis of information helping vendors to optimize their products, special interest magazines to publish research data, and end users to make good product choices.
AV-TEST has operated out of Magdeburg (Germany) since 2004 and employs more than 30 team members, professionals with extensive practical experience. The AV-TEST laboratories include 500 client and server systems, where more than 3,500 terabyte of independently-collected test data, containing both malicious and harmless sample information, are stored and processed.
Datum: 07.07.2026 - 12:10 Uhr
Sprache: Deutsch
News-ID 738856
Anzahl Zeichen: 4392
contact information:
Contact person: Erik Heyland
Town:
Magdeburg
Kategorie:
Hazadous Materials Management
Diese Pressemitteilung wurde bisher 176 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"Cyberattacks: ransomware and infostealers hijacking a Windows automation tool"
steht unter der journalistisch-redaktionellen Verantwortung von
AV-TEST - SITS Deutschland GmbH (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).





