Fake antivirus sites spreading malware disguised as trusted brands
5:12 AM EDT, May 26, 2024
When downloading antivirus software, ensuring it comes from a trusted source is crucial. Some fake websites offer tampered versions of reputable software like Avast, Bitdefender, and Malwarebytes. Downloading these compromised versions can infect your computer.
Details about this issue can be read in a post by Trellix, highlighted by the service The Hacker News. Experts have identified three fake websites offering modified versions of Avast antivirus for Android (in the form of an APK file), Bitdefender for computers (as a ZIP package), and the Malwarebytes application (as a RAR archive).
In each case, users inadvertently infect their devices by choosing to install these versions. Various malicious programs then infiltrate the system, most commonly an infostealer, cryptocurrency miner, or remote access trojan. Depending on the specific malware, it can, among other things, read keystrokes and SMS content, steal login data for various services, or record the screen—all without the user's awareness.
The fake websites used to distribute the infected software versions are:
- avast-securedownload[.]com,
- bitdefender-app[.]com,
- malwarebytes[.]pro.
As always, we remind you to ensure the source is trustworthy before downloading any software. A fake site can typically be recognized by its URL, which may contain typos or names that are unrelated to the producer's authentic website.
However, it must be remembered that fake software can be downloaded to a computer or smartphone in many ways. Another equally popular method is phishing, where fake attachments in emails or links lead to tampered websites and counterfeit software versions.