Home Security Fake Antivirus Websites Deliver Malware to Android and Windows Devices

Fake Antivirus Websites Deliver Malware to Android and Windows Devices

by


May 24, 2024NewsroomMalvertising / Endpoint Security

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.

“Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks,” Trellix security researcher Gurumoorthi Ramanathan said.

The list of websites is below –

  • avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file (“Avast.apk”) that, once installed, requests for intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshot, track location, and even mine cryptocurrency
  • bitdefender-app[.]com, which is used to deliver a ZIP archive file (“setup-win-x86-x64.exe.zip”) that deploys the Lumma information stealer malware
  • malwarebytes[.]pro, which is used to deliver a RAR archive file (“MBSetup.rar”) that deploys the StealC information stealer malware

The cybersecurity firm said it also uncovered a rogue Trellix binary named “AMCoreDat.exe” that serves as a conduit to drop a stealer malware capable of harvesting victim information, including browser data, and exfiltrating it to a remote server.

Cybersecurity

It’s currently not clear how these bogus websites are distributed, but similar campaigns in the past have employed techniques such as malvertising and search engine optimization (SEO) poisoning.

Stealer malware have increasingly become a common threat, with cybercriminals advertising numerous custom variants with varying levels of complexity. This includes new stealers like Acrid, SamsStealer, ScarletStealer, and Waltuhium Grabber, as well as updates to existing ones such as SYS01stealer (aka Album Stealer or S1deload Stealer).

Fake Antivirus Websites

“The fact that new stealers appear every now and then, combined with the fact that their functionality and sophistication varies greatly, indicates that there is a criminal market demand for stealers,” Kaspersky said in a recent report.

The development comes as researchers have discovered a new Android banking trojan called Antidot that disguises itself as a Google Play update to facilitate information theft by abusing Android’s accessibility and MediaProjection APIs.

“Functionality-wise Antidot is capable of keylogging, overlay attacks, SMS exfiltration, screen captures, credentials theft, device control, and execution of commands received from the attackers,” Broadcom-owned Symantec said in a bulletin.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex