CyberSecurity news

FlagThis - #Bitdefender

Pierluigi Paganini@Security Affairs //
Cybercriminals are using a fake Bitdefender website to distribute the Venom RAT (Remote Access Trojan) and other malicious programs, tricking users into downloading what they believe is legitimate antivirus software. The spoofed domain, bitdefender-download[.]com, closely mimics the official Bitdefender site, making it difficult for unsuspecting users to distinguish between the real and fake versions. This campaign highlights the importance of verifying the legitimacy of software download sources to avoid becoming a victim of malware.

Researchers have found that clicking on the "Download for Windows" button on the fraudulent site initiates a file download from a Bitbucket repository that redirects to an Amazon S3 bucket. The downloaded ZIP archive, named "BitDefender.zip," contains an executable ("StoreInstaller.exe") which includes malware configurations associated with Venom RAT, as well as code related to the open-source post-exploitation framework SilentTrinity and StormKitty stealer. These tools work in concert to compromise user systems.

The Venom RAT allows attackers to harvest data and maintain persistent remote access to compromised systems. Additionally, the StormKitty malware steals passwords, including those for cryptocurrency wallets, while SilentTrinity ensures the attacker can remain hidden and maintain long-term control. DomainTools suspects the fake Bitdefender site was likely used in phishing attacks, given its overlap with internet infrastructure hosting other fake sites impersonating banks and IT services, further emphasizing the malicious intent behind this cloned website.

References:
  • securityaffairs.com: Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
  • The Hacker News: Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets
  • PCMag UK security: Don't Fall For It: Fake Bitdefender Site Will Infect Your PC With Malware
  • www.pcmag.com: Don't Fall For It: Fake Bitdefender Site Will Infect Your PC With Malware | PCMag
Shivani Tiwari@cysecurity.news //
Cybersecurity firm Bitdefender has issued a warning about a significant increase in subscription scams that are cleverly disguised as legitimate online stores and enticing mystery boxes. This new wave of scams is characterized by its unprecedented sophistication, employing high-quality website design, targeted advertising, and social media exploitation to deceive unsuspecting users. Over 200 fake retail sites have been identified as part of this operation, all designed to harvest credit card data and personal information from victims globally. These sites offer a wide range of products, including clothing, electronics, and beauty items, making it harder for users to distinguish them from genuine e-commerce platforms.

This scam network leverages social media platforms, particularly Facebook, where cybercriminals deploy sponsored ads and impersonate content creators to lure victims. A key component of this fraud is the evolution of the "mystery box" scam, which promises surprise items for a nominal fee but conceals hidden subscription models in the fine print. Victims are often unknowingly enrolled in recurring payment plans, with charges of up to 44 EUR every 14 days, disguised as loyalty benefits or exclusive shopping privileges. The scammers exploit the human fascination with the unknown, offering boxes supposedly left at post offices or bags found at airports and requiring a small payment to claim ownership; the primary objective is to collect the victim's financial information.

Bitdefender's investigation reveals that these schemes utilize complex payment structures and convoluted terms to confuse users, transforming a seemingly one-time purchase into recurring charges. To evade detection, scammers employ techniques such as multiple ad versions, Google Drive-hosted images for easy replacement, cropped visuals to bypass pattern recognition, and homoglyph tactics to obscure malicious intent. Many of these fraudulent sites remain active, continuously targeting users globally, with specific campaigns observed in Romania, Canada, and the United States. The connection between these scams and a Cyprus-registered address raises suspicions of a coordinated operation involving offshore entities.

References:
  • cyberpress.org: Subscription-Based Scams Exploit Users to Harvest Credit Card Data
  • securityonline.info: Bitdefender exposes a sprawling web of subscription-based scams that blend professional-looking websites, social media manipulation, and
  • cybersecuritynews.com: A significant wave of subscription-based scams is sweeping across the internet, specifically designed to steal credit card information from unsuspecting users.
  • hackread.com: Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn…
  • www.cysecurity.news: Cybersecurity researchers at Bitdefender have uncovered a sharp increase in deceptive online subscription scams, with fraudsters disguising themselves as legitimate e-commerce platforms and mystery box vendors.
  • gbhackers.com: Subscription-Based Scams Targeting Users to Steal Credit Card Information
Classification:
  • HashTags: #onlinescams #phishing #aifraud
  • Target: Online Shoppers
  • Feature: Subscription traps
  • Type: Hack
  • Severity: Medium