This ransomware deactivates the antivirus and becomes invisible

A new variant of the fearsome AvosLocker ransomware has been spotted by the Trend Micro research team, and its characteristics are bewildering, to say the least. The first thing that stands out is its ability to evade antivirus software and become virtually invisible on target systems.

The "magic" is possible because the malware uses a valid driver to disable the antivirus and thus bypass detection systems. In their report, the researchers describe this novel strategy: essentially, the malware exploits the aswArPot.sys file, an entirely legitimate anti-rootkit driver from Avast, to disable the security suite.
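
Because the driver is legitimate and validly signed, a signature check alone will not flag it; what stands out is where and on which hosts it loads. The following is an added detection sketch, not code from the Trend Micro report: it scans driver-load records shaped like Sysmon Event ID 6 for the driver file named above, matched case-insensitively. The sample events, host names, the expected directory and the `hosts_with_product` inventory are assumptions constructed for illustration.

```python
import ntpath

# Driver file named in the article; compared case-insensitively.
WATCHED_DRIVER = "aswarpot.sys"

# ASSUMPTION: directory this driver is expected to load from on hosts that
# really run the vendor's product. Replace with your own baseline.
EXPECTED_DIRS = frozenset({r"c:\windows\system32\drivers"})

# CONSTRUCTED sample records shaped like Sysmon Event ID 6 (driver loaded).
SAMPLE_EVENTS = [
    {"EventID": 6, "Computer": "ws-01", "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\drivers\aswArPot.sys"},
    {"EventID": 6, "Computer": "srv-07", "Signed": "true",
     "ImageLoaded": r"C:\Users\Public\ASWARPOT.SYS"},
    {"EventID": 6, "Computer": "srv-07", "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys"},
    {"EventID": 1, "Computer": "srv-07",
     "Image": r"C:\Windows\System32\cmd.exe"},
]


def suspicious_driver_loads(events, hosts_with_product=frozenset(),
                            expected_dirs=EXPECTED_DIRS):
    """Return alerts for loads of the watched driver that break the baseline."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 6:          # only driver-load events
            continue
        path = ntpath.normpath(ev.get("ImageLoaded", "")).lower()
        directory, name = ntpath.split(path)
        if name != WATCHED_DRIVER:
            continue
        reasons = []
        # "Signed: true" is deliberately ignored: the abused driver is valid.
        if directory not in expected_dirs:
            reasons.append("unexpected directory")
        if ev.get("Computer", "").lower() not in hosts_with_product:
            reasons.append("product not installed on host")
        if reasons:
            alerts.append({"host": ev.get("Computer"),
                           "path": ev["ImageLoaded"], "reasons": reasons})
    return alerts
```
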



According to the researchers, Avast is capable of detecting and blocking this variant of AvosLocker
That this variant of AvosLocker is able to go unnoticed on target systems is particularly worrying. However, the researchers claim that Avast and AVG (for both corporate and home users) are able to detect and block the variant, while for other users they recommend updating Windows with the latest security updates and making sure that the antivirus in use is updated to the latest version.