- Researchers found a website that spoofed Bitdefender Antivirus
- The site delivers a remote access Trojan
- Crooks use it to steal people’s money
One of the popular antivirus programs is being abused in a new campaign that delivers the dangerous VenomRAT remote access Trojan (RAT).
Cybersecurity researchers at DomainTools recently published an in-depth analysis of the malicious operation after they spotted a malicious domain called “Bitdefender download[.]com”, which leads to a website titled “Download for Windows”.
Apart from a few subtle differences, the website looks identical to the legitimate Bitdefender download page: “There are subtle differences between them such as the legitimate page using the word ‘free’ in different places, while the spoofed version does not,” the researchers explained.
Poison
The landing page has a “Download for Windows” button, which starts a file download from an Amazon S3 bucket.
The bundled executable file is called “Storeinstaller.exe” and turned out to contain malware configurations that have been linked to VenomRAT, DomainTools further explained. It also contains code associated with the open-source post-exploitation framework SilentTrinity and the StormKitty stealer.
VenomRAT is a lightweight RAT that cybercriminals use to gain control over compromised Windows systems. It makes the theft of login data possible and allows threat actors to log keystrokes, gain access to webcams and carry out additional commands remotely.
In this case, DomainTools says that the goal was to steal people’s cryptocurrency and then sell access to another threat actor, saying that there is “clear intention to target individuals for financial gain through their credentials, crypto wallets and possibly access to their systems.”
The researchers also discovered that the campaign overlaps, both in timing and in infrastructure, with other malicious operations involving banks and “generic IT services”. The Armenian IDBank and the Royal Bank of Canada are some of the companies mentioned in the report.
As usual, the best way to minimize these threats is to be careful when clicking on links in emails and messages on social media, and to download software only from legitimate sources.