Windows and Android Malware Delivered Through Fake Antivirus Websites

Threat actors are using fraudulent antivirus websites to spread infostealer malware to Android and Windows devices. Learn more about the threat and how to mitigate the risks.

May 27, 2024


  • Threat actors have been using fake antivirus websites, impersonating legitimate antivirus products to distribute infostealer malware variants.
  • Similar malware campaigns have used SEO poisoning and malicious advertising strategies to improve success rates.

Security researchers at Trellix have uncovered fake websites impersonating legitimate antivirus solutions, which threat actors use to distribute malware. The malware is primarily being used to steal sensitive data from Android and Windows devices. Such websites can be viewed as a significant cybersecurity threat due to their predatory nature toward general consumers looking for cybersecurity solutions.

The fake websites impersonate antivirus software such as Malwarebytes, Avast, and Bitdefender. The fraudulent websites are named avast-securedownload, bitdefender-app, and malwarebytespro, which are used to distribute the SpyNote trojan, Lumma malware, and StealC malware. The research team also discovered a binary called AMCoreDat.exe, which works as a medium for deploying stealer malware.


Trojans and malware from these websites allow malicious actions such as accessing SMS messages, call details, and screenshots; deleting or installing apps; mining cryptocurrency; tracking real-time location; and more. While it is unclear how these website addresses have been distributed, malicious advertising and SEO poisoning strategies are suspected.

Recommended mitigations for such campaigns include complete security measures and best practices such as checking URLs, verifying download sources, and avoiding pop-ups.
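The URL check recommended above can be automated for proxy logs or download links. The following is an added example, not code from Trellix or from this article: it flags hosts that carry an antivirus brand name without belonging to the vendor's own domain. The vendor domains are assumptions, and the `.example` hosts are constructed from the site names above, which the article gives without a TLD.

```python
from urllib.parse import urlsplit

# Assumption: vendor-owned domains; the article does not list them.
OFFICIAL = {
    "avast": {"avast.com"},
    "bitdefender": {"bitdefender.com"},
    "malwarebytes": {"malwarebytes.com"},
}

def split_host(url):
    """Return (hostname, netloc) in lowercase; accepts bare hosts too."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the netloc
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    return host, parts.netloc.lower()

def classify(url):
    """Return (verdict, brand): official, impersonation, unrelated or invalid."""
    host, netloc = split_host(url)
    if not host:
        return ("invalid", None)
    # Official only if the host IS the vendor domain or a subdomain of it.
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("official", brand)
    # Search the whole netloc so a brand hidden in the userinfo part
    # ("vendor.com@other-host") is caught; drop separators first.
    squashed = netloc.replace("-", "").replace(".", "")
    for brand in OFFICIAL:
        if brand in squashed:
            return ("impersonation", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample URLs; ".example" is a reserved placeholder TLD.
    samples = [
        "https://avast-securedownload.example/setup",
        "bitdefender-app.example",
        "http://malwarebytespro.example/",
        "https://www.malwarebytes.com/download",
        "https://avast.com.update.example/",
        "https://www.avast.com@downloads.example/setup.exe",
    ]
    for url in samples:
        print(classify(url), url)
```

Substring matching will also flag legitimate resellers or review sites that use a brand name, so treat an `impersonation` verdict as a triage signal rather than a block decision.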

The discovery of these websites continues to highlight the growing threat of stealer malware, which is becoming increasingly common and comes in multiple variants and levels of complexity. It also shows a rising demand for such malware by bad actors and the presence of black markets for such offerings.


Anuj Mudaliar

Assistant Editor - Tech, SWZD

Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.