Tyler Cross
Updated on: May 29, 2024

Hackers are creating fake antivirus websites in an attempt to infect victims with malware.

These fake websites pose as legitimate antivirus companies, such as Avast, Malwarebytes, and Bitdefender. The websites are a phishing scam, where hackers attempt to gain your trust by posing as legitimate companies, employees, or sources. The purpose of gaining your trust is so that you’ll freely download their malware or give them your information.

Fake antivirus websites are especially dangerous; imagine that your computer is already infected, so you search for a trusted antivirus website only to find the infection is worse off than when you started.

On top of injecting malware onto victims’ devices, many of the fake websites also contained a rogue Trellix binary that served to send information about the victim to a remote source.

The fake websites were discovered and posted about by Trellix researchers.

The malware that hackers also changed device permissions, granting hackers the capacity to install/delete files, read texts and calls, and access your network.

Researchers laid out three malicious websites they found, including:

• Avast-securedownload[.]com. This site installed a SpyNote trojan called Avast.apk. After deployment, it harvests sensitive user data, including your calls and texts, and also mines cryptocurrency using your device. It could also send screenshots to a remote device.
• Malwarebytes[.]pro. This delivers an RAR file under a realistic-looking file name. Once installed it would deliver the StealC payload, which would then harvest user data.
• Bitdefender-app[.]com. Hackers delivered a zip file with a hidden EXE inside. It would then follow up by targeting Windows users with the Lumma information-stealing malware.

Researchers were unable to figure out exactly what the distribution model for these websites is, however, they have discovered malvertising campaigns and search engine optimization tweaking.

Trellix researchers recommend double-checking websites before visiting them, verifying the authenticity of the website, and avoiding free downloads or pirated software. While it’s counter-intuitive given the nature of the antivirus-masked threat, installing a good cybersecurity solution will also mitigate the risks of installing malware.