Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

27-05-2024
Share
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices.

The list of websites is below –

  • avast-securedownload[.]com, which is used to deliver the SpyNote trojan in the form of an Android package file (“Avast.apk”) that, once installed, requests for intrusive permissions to read SMS messages and call logs, install and delete apps, take screenshot, track location, and even mine cryptocurrency
  • bitdefender-app[.]com, which is used to deliver a ZIP archive file (“setup-win-x86-x64.exe.zip”) that deploys the Lumma information stealer malware
  • malwarebytes[.]pro, which is used to deliver a RAR archive file (“MBSetup.rar”) that deploys the StealC information stealer malware

Stealer malware have increasingly become a common threat, with cybercriminals advertising numerous custom variants with varying levels of complexity. This includes new stealers like AcridSamsStealerScarletStealer, and Waltuhium Grabber, as well as updates to existing ones such as SYS01stealer (aka Album Stealer or S1deload Stealer).

Fake Antivirus Websites

The development comes as researchers have discovered a new Android banking trojan called Antidot that disguises itself as a Google Play update to facilitate information theft by abusing Android’s accessibility and MediaProjection APIs.

“Functionality-wise, Antidot is capable of keylogging, overlay attacks, SMS exfiltration, screen captures, credentials theft, device control, and execution of commands received from the attackers,” Broadcom-owned Symantec said in a bulletin.

 

Source: https://thehackernews.com/