In mid-April 2024, researchers at Trellix Advanced Research Center team spotted multiple fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE and Inno setup installer, including Spy and Stealer capabilities.
The fake websites were masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes.
The sites hosting malware are avast-securedownload.com (Avast.apk), bitdefender-app.com (setup-win-x86-x64.exe.zip), malwarebytes.pro (MBSetup.rar).
Below is the list of malicious websites analyzed by the researchers:
The experts also discovered a malicious Trellix binary that pretends to be Legit (AMCoreDat.exe).
The researchers did not attribute the attacks to a specific threat actor. The report also includes Indicators of Compromise (IoCs) for the attacks employing fake AV websites.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, fake AV websites)