Technology|March 25, 2026|1 min read

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Cybercriminals are using malicious search advertisements for tax services to distribute ScreenConnect malware, leveraging a Huawei driver to disable endpoint detection and response (EDR) systems.

#malware#ScreenConnect#EDR bypass#Huawei driver#tax scam#social engineering#endpoint security#search ads#threat actors

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Author: Ravie Lakshmanan
Date: Mar 24, 2026
Categories: Endpoint Security / Social Engineering

Cybercriminals are using malicious search advertisements for tax services to distribute ScreenConnect malware, leveraging a Huawei driver to disable endpoint detection and response (EDR) systems.

This attack campaign demonstrates how threat actors are exploiting seasonal search trends and legitimate software drivers to bypass security controls and establish persistent access to victim systems.

Share this story

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group compromised the massively popular LiteLLM Python package on PyPI, injecting malicious code into versions 1.82.7 and 1.82.8 that deploys an infostealer to harvest sensitive data from infected systems.