Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Overview

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (

Organisations Involved

The following organisations are mentioned in relation to this incident: Google, Google Ads, Malware Using Huawei Driver, Tax Search Ads Deliver.

Multi-Source Coverage

This event has been reported across multiple outlets:

• Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.