Heimdal
Home > Cybersecurity News

Researchers Uncover Fake Antivirus Sites Spreading Malware

The Malicious Files Have Infostealing and Espionage Capabilities.

Last updated on May 28, 2024

article featured image

Contents:

Cybersecurity researchers identified several fake antivirus websites used by cybercriminals to distribute malware. These websites closely mimic legitimate antivirus sites but deliver malicious software instead of protection.

In mid-April, Trellix’s Advanced Research Center discovered that these fake websites host malicious files, including .apk, .exe, and installer files created with Inno Setup.

The malware includes espionage and infostealing functions, targeting users seeking to protect their devices.

Which fake websites have been identified?

The fake websites mimic well-known antivirus brands, such as:

  • avast-securedownload[.]com
  • bitdefender-app[.]com
  • and malwarebytes[.]pro.

Screenshot of a fake antivirus website mimicking Avast. The website promotes a free antivirus download with the slogan 'Free antivirus is your first step to online freedom.' The URL in the address bar shows 'avast-securedownload.com' and is marked as dangerous.

‘Avast’ fraudulent website (source)

These sites distribute files like:

  • Avast.apk
  • setup-win-x86-x64.exe.zip
  • and MBSetup.rar

containing malware instead of legitimate software.

According to Trellix’s analysis, the malicious files have various harmful capabilities.

  • For example, the fake Avast APK can install and delete packages, read call logs, SMS, and saved data, and access network settings.
  • The fake Bitdefender file contains the Lumma stealer, which exfiltrates information, and the fake Malwarebytes file contains the StealC malware, which steals data and access tokens.
  • The fake Trellix software collects PC information and sends it to a command-and-control server.

To learn more, read the full report here.

Safety recommendations

To protect against these dangerous websites you can follow good cyber hygiene practices such as:

  • Always double-check links before clicking on them.
  • Make sure the website you are visiting is legitimate.
  • Put powerful cybersecurity technologies to use to make sure you are safe from these kinds of malicious attempts.
  • Never use pirated software, as it often leads to downloading fake or malicious binaries.
  • Make sure your endpoint security provider approves the program you are downloading.

If you liked this piece, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Related Articles

[2024] 12 Best Endpoint Security Software Solutions and ToolsCommand-and-Control Servers Explained. Techniques and DNS Security RisksWhat Is Malware? Definition, Types and ProtectionDNS Attack Types Explained – Threats and Mitigation MeasuresWhat Can Malicious Code Do? A Brief Overview of Common Cyberattacks

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V