• Watch out - that antivirus website could be a fake, and infecting

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 28, 2025 18:45:08
    Watch out - that antivirus website could be a fake, and infecting your PC
    with malware

    Date:
    Wed, 28 May 2025 17:32:00 +0000

    Description:
    Researchers find a malicious site impersonating popular antivirus software.

    FULL STORY
    ======================================================================
    Researchers found a website spoofing Bitdefender antivirus
    The site delivers a remote access trojan
    Crooks are using it to steal people's money

    One of the best antivirus programs out there is being abused in a new
    campaign delivering the dangerous VenomRAT Remote Access Trojan (RAT).

    Cybersecurity researchers at DomainTools recently posted an in-depth analysis of the malicious operation after they spotted a malicious domain called bitdefender-download[.]com, which leads to a website titled "DOWNLOAD FOR WINDOWS".

    Aside from a few subtle differences, the website appears identical to the legitimate Bitdefender download web page: "There are subtle differences between them such as the legitimate page using the word free in several places whereas the spoofed version does not," it was explained.

    VenomRAT

    The landing page has a Download for Windows button, which triggers a file download from an Amazon S3 bucket.

    The bundled executable is named StoreInstaller.exe, and was found to contain malware configurations associated with VenomRAT, DomainTools further explained. It also contained code associated with the open source post-exploitation framework SilentTrinity and the StormKitty stealer.
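
    The delivery chain described above (a brand-lookalike landing page whose button fetches an executable from a third-party host) can be hunted for in web proxy logs. The following is an added example, not code from the article or from the researchers; the allowlist, the log layout, the bucket name and the client addresses are constructed assumptions, and the check generalises to any hostname that contains the brand but is not the vendor's own.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of the vendor's real registrable domains.
OFFICIAL = {"bitdefender.com"}
BRAND = "bitdefender"

def refang(text):
    """Turn a defanged indicator such as name[.]com back into a hostname."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def registrable(host):
    # Simplification: last two labels. Use a public-suffix list in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host):
    """Brand appears in the hostname, but the site is not the vendor's."""
    host = host.lower()
    return BRAND in host.replace("-", "") and registrable(host) not in OFFICIAL

def flag_downloads(lines):
    """Return (client, referer_host, url) for .exe fetches referred by a lookalike page."""
    hits = []
    for line in lines:
        client, url, referer = line.split()[1:4]
        ref_host = urlsplit(refang(referer)).hostname or ""
        path = urlsplit(url).path.lower()
        if path.endswith(".exe") and is_lookalike(ref_host):
            hits.append((client, ref_host, url))
    return hits

# Constructed proxy log lines (timestamp client url referer). The lookalike
# domain is kept defanged as on the page; every other value is made up.
SAMPLE_LOG = [
    "2025-05-28T10:01:02Z 10.0.0.5 https://www.bitdefender.com/constructed/setup.exe https://www.bitdefender.com/",
    "2025-05-28T10:03:44Z 10.0.0.9 https://example-bucket.s3.amazonaws.com/StoreInstaller.exe https://bitdefender-download[.]com/",
    "2025-05-28T10:05:10Z 10.0.0.7 https://example.org/readme.txt -",
]

if __name__ == "__main__":
    for client, ref_host, url in flag_downloads(SAMPLE_LOG):
        print(f"{client} fetched {url} via lookalike page {ref_host}")
```

    Only the second constructed line is flagged: the download is an executable and the referring page carries the brand name on a domain outside the allowlist.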

    VenomRAT is a lightweight RAT that cybercriminals use to gain control over compromised Windows systems. It enables the theft of login credentials, and allows threat actors to log keystrokes, access webcams, and run additional commands remotely.

    In this case, DomainTools says the goal was to steal people's cryptocurrency and then sell the access to a different threat actor, saying there is "clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems."

    The researchers also found that the campaign overlaps, both in time and infrastructure, with other malicious operations in which banks and generic IT services were being impersonated. The Armenian IDBank and the Royal Bank of Canada are among the companies mentioned in the report.

    As usual, the best way to minimize these threats is to be careful when clicking on links in emails and social media messages, and only download software from legitimate sources.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-that-antivirus-website-could-be-a-fake-and-infecting-your-pc-with-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)