Attackers are constantly developing new tools and tactics in order to launch attacks on Windows systems. The actual attack generally takes place through ransomware or an infostealer. In our latest Advanced Threat Protection test – or ATP test, for short – the AV-TEST team checked whether security solutions for consumer users and corporate users are also prepared to defend against the most recent tactics used by cyberattackers. One type of attack is the deployment of malware in an executable file, disguised as a Python application. On the surface, they do not stand out because these types of data packages, generated by developers, can be found on the internet. However, many of the 20 security products tested are not deceived in the least. But still, some are.
Cyberattackers are very creative when it comes to finding ways to earn money from their exploits. Vendors of security products need to keep pace with this level of creativity. After all, the integrity of their customers’ data and systems are at stake. Sometimes the attacks involve malware that has hardly been changed. The attackers just inject it into files that look harmless and are found everywhere on the internet.
The strategy is straightforward. Where’s the best place to hide a tree: in the forest. And it is this principle that attackers also employ when they conceal malware as Python applications in executable files. Many developers use these types of files and distribute them online or on coding platforms for free, so the tactic does not stand out at all. [...]
LINK: www.av-test.org/en/news/atp-test-keeping-data-thieves-and-encryptors-at-bay/
Here is an overview of the article:
Due to the size of the file, the full set of charts and results from this test-run are not attached, but you can download them from here (about 15 MB): www.av-test.org/fileadmin/Tests/Mediapacks/2026/AV-TEST_2026-02_Advanced_Threat_Protection_review_mediapack.zip
The attached data can be used to create at-a-glance overviews or statistics of the test results, starting immediately (there is no embargo).
You are free to use the results as a basis for your own reviews, as long as a reference to "AV-TEST Institute" - with an active link to our website:
www.av-test.org - is given as source. Thank you!
Please contact us if you have any questions. Press contact:
Erik Heyland, presse@av-test.com
Phone: +49 391 6075460
Would you like to make sure you automatically obtain the Institute's latest tests and research results? Simply register for our PRESS DISTRIBUTION LIST and you will receive all information automatically via e-mail.
Cyberattackers are very creative when it comes to finding ways to earn money from their exploits. Vendors of security products need to keep pace with this level of creativity. After all, the integrity of their customers’ data and systems are at stake. Sometimes the attacks involve malware that has hardly been changed. The attackers just inject it into files that look harmless and are found everywhere on the internet.
The strategy is straightforward. Where’s the best place to hide a tree: in the forest. And it is this principle that attackers also employ when they conceal malware as Python applications in executable files. Many developers use these types of files and distribute them online or on coding platforms for free, so the tactic does not stand out at all. [...]
LINK: www.av-test.org/en/news/atp-test-keeping-data-thieves-and-encryptors-at-bay/
Here is an overview of the article:
- 20 security solutions in the ATP test
- The 10 test scenarios
- 11 consumer user packages in the ATP test
- 9 corporate solutions put to the ATP test
- Crucial takeaways for several of the test participants
Due to the size of the file, the full set of charts and results from this test-run are not attached, but you can download them from here (about 15 MB): www.av-test.org/fileadmin/Tests/Mediapacks/2026/AV-TEST_2026-02_Advanced_Threat_Protection_review_mediapack.zip
The attached data can be used to create at-a-glance overviews or statistics of the test results, starting immediately (there is no embargo).
You are free to use the results as a basis for your own reviews, as long as a reference to "AV-TEST Institute" - with an active link to our website:
www.av-test.org - is given as source. Thank you!
Please contact us if you have any questions. Press contact:
Erik Heyland, presse@av-test.com
Phone: +49 391 6075460
Would you like to make sure you automatically obtain the Institute's latest tests and research results? Simply register for our PRESS DISTRIBUTION LIST and you will receive all information automatically via e-mail.
