Article Details
Scrape Timestamp (UTC): 2024-05-24 12:55:41.305
Source: https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html
Original Article Text
Click to Toggle View
Fake Antivirus Websites Deliver Malware to Android and Windows Devices. Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks," Trellix security researcher Gurumoorthi Ramanathan said. The list of websites is below - The cybersecurity firm said it also uncovered a rogue Trellix binary named "AMCoreDat.exe" that serves as a conduit to drop a stealer malware capable of harvesting victim information, including browser data, and exfiltrating it to a remote server. It's currently not clear how these bogus websites are distributed, but similar campaigns in the past have employed techniques such as malvertising and search engine optimization (SEO) poisoning. Stealer malware have increasingly become a common threat, with cybercriminals advertising numerous custom variants with varying levels of complexity. This includes new stealers like Acrid, SamsStealer, ScarletStealer, and Waltuhium Grabber, as well as updates to existing ones such as SYS01stealer (aka Album Stealer or S1deload Stealer). "The fact that new stealers appear every now and then, combined with the fact that their functionality and sophistication varies greatly, indicates that there is a criminal market demand for stealers," Kaspersky said in a recent report. The development comes as researchers have discovered a new Android banking trojan called Antidot that disguises itself as a Google Play update to facilitate information theft by abusing Android's accessibility and MediaProjection APIs. "Functionality-wise Antidot is capable of keylogging, overlay attacks, SMS exfiltration, screen captures, credentials theft, device control, and execution of commands received from the attackers," Broadcom-owned Symantec said in a bulletin.
Daily Brief Summary
Threat actors are using counterfeit antivirus sites mimicking Avast, Bitdefender, and Malwarebytes to distribute malware targeting Android and Windows devices.
The malware, spread through fake sites, is specifically designed to steal sensitive information via browser data pilfering and exfiltrates it to a remote server.
A rogue binary named "AMCoreDat.exe" was identified, acting as a pathway for stealer malware that harvests user data.
Various techniques possibly supporting the spread of these deceptive websites include malvertising and SEO poisoning.
The cybersecurity landscape has seen an influx of new stealer malware variants like Acrid, SamsStealer, and Waltuhium Grabber, illustrating a sustained market demand for such malicious tools.
Recent reports also highlighted a new Android banking trojan named Antidot, disguised as a Google Play update, that exploits Android's APIs to commit theft and further malicious actions.
Antidot's capabilities range from keylogging to executing overlay attacks, illustrating advanced functionalities in newly emerging malware.