{"id":110893,"date":"2025-06-12T13:56:29","date_gmt":"2025-06-12T13:56:29","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=110893"},"modified":"2025-06-13T02:54:26","modified_gmt":"2025-06-13T02:54:26","slug":"cybereye-rat-disable-windows-defender-using-powershell","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/","title":{"rendered":"CyberEYE RAT Disables Windows Defender Using PowerShell and Registry Manipulations"},"content":{"rendered":"\n<p>A sophisticated new Remote Access Trojan known as CyberEYE has emerged as a significant threat to Windows systems, demonstrating advanced capabilities to completely disable Windows Defender through a combination of PowerShell commands and registry manipulations.<\/p>\n\n\n\n<p>This modular, .NET-based malware leverages Telegram&#8217;s messaging platform as its command and control infrastructure, making detection and mitigation particularly challenging for traditional <a href=\"https:\/\/cybersecuritynews.com\/cloud-security-solutions\/\" target=\"_blank\" rel=\"noreferrer noopener\">security solutions<\/a>.<\/p>\n\n\n\n<p>The malware operates through a user-friendly builder interface that allows even novice cybercriminals to customize payloads without requiring deep technical expertise.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi4KaeWvAtAFLCwXzO_mQ-UjkjR6eSN_Lpi5HlGdZFs8aKy2ea1kUcE8rfydsGA1lZLsHq3r7uS_cbIOgHDMS1HhGiU3E6APXkIPhIRNk68QdqokyJZ1epefs9RGTyDUHS_UGq8hjTMHDAgBw9i32gm3OglUqvIuP2p-SNOfGYRlYV9vVOTQ3C7e0DG46g\/s16000\/CyberEYE%20builder%20(Source%20-%20Cyfirma).webp\" alt=\"\" \/><figcaption class=\"wp-element-caption\">CyberEYE builder (Source &#8211; Cyfirma)<\/figcaption><\/figure><\/div>\n\n\n<p>CyberEYE is distributed through multiple channels, including public GitHub repositories and private Telegram channels, with threat actors behind the malware operating under aliases such as @cisamul23 and @CodQu.<\/p>\n\n\n\n<p>The malware&#8217;s accessibility and plug-and-play nature have contributed to its rapid adoption among cybercriminal communities seeking surveillance and data theft capabilities.<\/p>\n\n\n\n<p>Cyfirma analysts <a href=\"https:\/\/www.cyfirma.com\/research\/understanding-cybereye-rat-builder-capabilities-and-implications\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">identified<\/a> CyberEYE as a particularly dangerous threat due to its comprehensive feature set, which includes keylogging, credential harvesting, file exfiltration, and clipboard hijacking capabilities.<\/p>\n\n\n\n<p>The research team noted that the malware&#8217;s use of Telegram for command and control eliminates the need for attackers to maintain their own infrastructure, making it both more evasive and accessible to a broader range of threat actors.<\/p>\n\n\n\n<p>The malware&#8217;s impact extends far beyond typical <a href=\"https:\/\/cybersecuritynews.com\/russian-hacker-sentenced-for-data-theft-of-linkedin-dropbox-users\/\" target=\"_blank\" rel=\"noreferrer noopener\">data theft<\/a> operations, incorporating advanced persistence mechanisms and anti-analysis features that allow it to maintain long-term access to compromised systems.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgDponuQh551WpZxu9CK5kGUqBnn2y1-fpEXcGuXc6BqF9gyC3DA-gp2rb5pdCCW-b4CRLPGGp67mGGco_JglBhRKwRYm7fXMfxTFdamXPMRuYMvA5fYVO00zG7m-hbML69tHCQbo3O6OLYB1_1DFjoM4nN5rKbIThXNWXiwV6zKPGk4U_Cikirf7CADuM\/s16000\/Data%20Exfiltration%20via%20Telegram%20API%20(Source%20-%20Cyfirma).webp\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Data Exfiltration via Telegram API (Source &#8211; Cyfirma)<\/figcaption><\/figure><\/div>\n\n\n<p>CyberEYE targets a wide range of sensitive information, including browser credentials, <a href=\"https:\/\/cybersecuritynews.com\/cryptocore-cryptocurrency-scam-draining-wallets\/\" target=\"_blank\" rel=\"noreferrer noopener\">cryptocurrency wallet<\/a> addresses, gaming platform sessions, and Wi-Fi passwords, all of which are exfiltrated through Telegram&#8217;s Bot API.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Advanced Windows Defender Evasion Techniques<\/strong><\/h2>\n\n\n\n<p>CyberEYE employs a sophisticated dual-approach strategy to neutralize Windows Defender, combining direct registry modifications with PowerShell-based command execution to ensure complete protection bypass.<\/p>\n\n\n\n<p>The malware&#8217;s <code>DisableDefenderFeatures()<\/code> method systematically targets critical registry keys that control Windows Defender&#8217;s core functionality, effectively rendering the security solution inoperative.<\/p>\n\n\n\n<p>The registry manipulation component focuses on modifying specific keys under the Windows Defender policy structure.<\/p>\n\n\n\n<p>The malware executes precise registry edits including disabling tamper protection through <code>SOFTWARE\\Microsoft\\Windows Defender\\Features<\/code> with the <code>TamperProtection<\/code> value set to &#8220;0&#8221;, and completely disabling anti-spyware functionality by setting <code>DisableAntiSpyware<\/code> to &#8220;1&#8221; under <code>SOFTWARE\\Policies\\Microsoft\\Windows Defender<\/code>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEga1fYIrzAMXOw7tulEZZeSgH7OAhlkYJjWwfwoRlIrBYPI-ySw1I9_TiFQeVnUJsdu3OGk_nHXMp5tr4Sn3c_fihC0Yes9Rr7ApOXvpr-xOyQFzfVi0FprmVFW0djO7_AgId98QhZvwm2Qu5F1tN2h9fpIcOcsajQcj5Gl7f7SIt-fmLEJkCc7ySatd2o\/s16000\/Construct%20URL%20(Source%20-%20Cyfirma).webp\" alt=\"\" \/><figcaption class=\"wp-element-caption\">Construct URL (Source &#8211; Cyfirma)<\/figcaption><\/figure><\/div>\n\n\n<p>Additionally, the malware targets real-time protection capabilities by modifying <code>SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection<\/code>, setting <code>DisableBehaviorMonitoring<\/code>, <code>DisableOnAccessProtection<\/code>, and <code>DisableScanOnRealtimeEnable<\/code> all to &#8220;1&#8221;.<\/p>\n\n\n\n<p>The PowerShell component operates through the <code>CheckDefenderSettings()<\/code> function, which first queries current Defender preferences using the command <code>Get-MpPreference -verbose<\/code> to assess which security features remain active.<\/p>\n\n\n\n<p>The malware then parses this output and systematically disables any remaining protections using targeted <code>Set-MpPreference<\/code> commands.<\/p>\n\n\n\n<p>For instance, if real-time monitoring is detected as active, the <a href=\"https:\/\/cybersecuritynews.com\/chatgpt-powered-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">malware<\/a> executes <code>Set-MpPreference -DisableRealtimeMonitoring $true<\/code>, while behavior monitoring is disabled through <code>Set-MpPreference -DisableBehaviorMonitoring $true<\/code>.<\/p>\n\n\n\n<p>This comprehensive approach ensures that even if registry modifications fail due to system restrictions, the PowerShell commands provide an alternative pathway to achieve the same result.<\/p>\n\n\n\n<p>The malware also targets advanced protection features including cloud-based scanning (<code>DisableBlockAtFirstSeen<\/code>), file and program activity monitoring (<code>DisableIOAVProtection<\/code>), and privacy mode restrictions (<code>DisablePrivacyMode<\/code>), creating a complete security vacuum that allows the malware to operate undetected.<\/p>\n\n\n\n<p>This systematic dismantling of Windows Defender represents a significant evolution in malware evasion techniques, demonstrating how modern threats can effectively neutralize endpoint protection through legitimate administrative tools and system modifications.<\/p>\n\n\n\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 89%,rgb(169,184,195) 100%)\"><strong><strong>Automate threat response with ANY.RUN\u2019s TI Feeds\u2014Enrich alerts and block malicious IPs across all endpoints<\/strong>\u00a0-&gt;\u00a0<a href=\"https:\/\/intelligence.any.run\/plans?utm_source=csn_jun&amp;utm_medium=article&amp;utm_campaign=free-vs-paid-ti-feeds&amp;utm_content=plans&amp;utm_term=100625\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>Request full access<\/strong><\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A sophisticated new Remote Access Trojan known as CyberEYE has emerged as a significant threat to Windows systems, demonstrating advanced capabilities to completely disable Windows Defender through a combination of PowerShell commands and registry manipulations. This modular, .NET-based malware leverages Telegram&#8217;s messaging platform as its command and control infrastructure, making detection and mitigation particularly challenging [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":110895,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-110893","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>CyberEYE RAT Disable Windows Defender Using PowerShell and Registry Manipulations<\/title>\n<meta name=\"description\" content=\"CyberEYE RAT disables Windows Defender using PowerShell &amp; registry tweaks, using Telegram C2 &amp; a builder for easy custom malware payloads.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CyberEYE RAT Disables Windows Defender Using PowerShell and Registry Manipulations\" \/>\n<meta property=\"og:description\" content=\"CyberEYE RAT disables Windows Defender using PowerShell &amp; registry tweaks, using Telegram C2 &amp; a builder for easy custom malware payloads.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-12T13:56:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-13T02:54:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CyberEYE RAT Disable Windows Defender Using PowerShell and Registry Manipulations","description":"CyberEYE RAT disables Windows Defender using PowerShell & registry tweaks, using Telegram C2 & a builder for easy custom malware payloads.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/","og_locale":"en_US","og_type":"article","og_title":"CyberEYE RAT Disables Windows Defender Using PowerShell and Registry Manipulations","og_description":"CyberEYE RAT disables Windows Defender using PowerShell & registry tweaks, using Telegram C2 & a builder for easy custom malware payloads.","og_url":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/","og_site_name":"Cyber Security News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-06-12T13:56:29+00:00","article_modified_time":"2025-06-13T02:54:26+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"CyberEYE RAT Disables Windows Defender Using PowerShell and Registry Manipulations","datePublished":"2025-06-12T13:56:29+00:00","dateModified":"2025-06-13T02:54:26+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/"},"wordCount":551,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/","url":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/","name":"CyberEYE RAT Disable Windows Defender Using PowerShell and Registry Manipulations","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-06-12T13:56:29+00:00","dateModified":"2025-06-13T02:54:26+00:00","description":"CyberEYE RAT disables Windows Defender using PowerShell & registry tweaks, using Telegram C2 & a builder for easy custom malware payloads.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#primaryimage","url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/cybereye-rat-disable-windows-defender-using-powershell\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"CyberEYE RAT Disables Windows Defender Using PowerShell and Registry Manipulations"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjO15McEzNHI-zbt-0nT7ts5RH_jNwE_0-M3BPZQhyphenhyphenMo6yHmUprw4j-RNfbIadlFykVlinQQUP1D_Kv5d1nbPheqlclXuIG4EbmWETtyNPRH8wP78cDurus3-ieFKZcmFBijWXElBqMUN1AJFUKTO9JxaiYQ_M1PpVf1I9WtJNCcd2af7qe5_Jt76JI16U\/s16000\/CyberEYE%20RAT%20Disable%20Windows%20Defender%20Using%20PowerShell%20and%20Registry%20Manipulations.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/110893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=110893"}],"version-history":[{"count":3,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/110893\/revisions"}],"predecessor-version":[{"id":110937,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/110893\/revisions\/110937"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/110895"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=110893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=110893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=110893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}