Hackers Counterfeiting Antivirus Software Websites to Spread Malware

On May 28, TapTechNews reported that security incidents in which hackers impersonate the official websites of well-known applications to spread malicious Trojans have become commonplace. Recently, however, the security company Trellix released a report claiming that some hackers are even bolder, directly counterfeiting the official websites of various antivirus products to serve malicious Trojan software to victims.

TapTechNews learned from the report that a large number of hackers have set up a series of counterfeit official websites for antivirus software such as Avast, Bitdefender, and Malwarebytes, and have boosted the sites' ranking through search engine advertising to spread various types of malicious software.



Security personnel said they have recorded a counterfeit Avast website specifically targeting Android users. Once unsuspecting users download and install the APK file from the site, the device is quietly taken over by hackers. The hacker can then deploy malicious scripts on the victim's phone, obtain call records and text messages, and query the credential data the user has saved on the device. In addition, the hacker will use the device to mine digital currency or as a 'zombie computer'.


Security personnel also reported two counterfeit websites, impersonating Bitdefender and Malwarebytes, aimed at Windows users. These two websites respectively provide fake antivirus software containing the ransomware 'LummaStealer' and 'StealC'. After the victim installs the software, the credential information on the device is automatically sent to a server set up by the hacker.

It is worth noting that Trellix researchers also found hackers distributing their own modified security software, 'AMCoreDat.exe'. According to the report, this malicious software creates multiple files in a 'specific folder' on the victim's device and writes part of the payload content, thereby avoiding routine detection by other antivirus software on the device.
