AVCheck website used as an anti-malware detection tool deactivated

An international operation between several security agencies has dismantled the service AVCheck, used by cybercriminals to check whether their malicious programs are detected by commercial antivirus programs before distributing them. The service's official domain, avcheck.net, now displays a seizure image with the shields of the U.S. Department of Justice, the FBI, the U.S. Secret Service and the Dutch Police (Politie).

According to the statement published by Politie, AVCheck was one of the most widely used counter-antivirus (CAV) services in the world by cybercriminals to assess the evasiveness of their malware. CAV services allow malware developers to check whether malware will be detected by antivirus programs, which would allow criminals to access their victims' networks undetected.

Researchers also link AVCheck administrators to cryptocurrency services Cryptor.biz and Crypt.guru. The former has been seized by authorities, while the latter is offline. Cybercriminals used crypto services to obfuscate their malware, test it on AVCheck or other similar CAV services to see if it was undetectable and, only then, deploy it against their targets.