May 24, 2024 at 09:51AM
Threat actors are using fake websites posing as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to distribute malware that targets Android and Windows devices and steals sensitive information. Researchers also observed a new Android banking trojan called Antidot that poses as a Google Play update to facilitate information theft.
The May 24, 2024 report describes threat actors using fake websites to distribute malware targeting Android and Windows devices. The malicious software, masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes, is capable of stealing sensitive information, which puts at risk precisely the consumers who are seeking protection from cyber attacks.
Notable findings include the malicious domains avast-securedownload[.]com, bitdefender-app[.]com, and malwarebytes[.]pro, which are used to distribute various forms of malware (the indicators are written defanged, with "[.]" in place of the dot, so they are not clickable). Additionally, a rogue Trellix binary named "AMCoreDat.exe" was found to deploy a stealer capable of harvesting victim information. How victims are led to these bogus websites remains unclear, although past campaigns of this kind have relied on malvertising and search engine optimization (SEO) poisoning.
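The indicators above are most useful when they are actually run against traffic. The following script is an added example (not code from the report or from Trellix): it refangs the "[.]" notation, then sweeps constructed proxy-log lines for three signals: an exact match on the reported domains, a vendor brand name inside a host that is not the vendor's own domain (the pattern avast-securedownload.com and bitdefender-app.com follow), and the reported rogue binary name in a URL path. The official-domain allowlist, the log format, and the sample lines are assumptions made for the example.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Assumed allowlist of official vendor domains for the example; extend it for real use.
VENDOR_BRANDS = {
    "avast": {"avast.com"},
    "bitdefender": {"bitdefender.com"},
    "malwarebytes": {"malwarebytes.com"},
}

# Indicators exactly as the report lists them (defanged with "[.]").
REPORTED_DOMAINS = ["avast-securedownload[.]com", "bitdefender-app[.]com", "malwarebytes[.]pro"]
REPORTED_BINARY = "AMCoreDat.exe"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("example[.]com", "hxxp://") back into a matchable form."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://")
                     .lower())


KNOWN_BAD_HOSTS = {refang(d) for d in REPORTED_DOMAINS}


def host_of(url: str) -> str:
    """Lowercase hostname of a URL (or of a bare host string)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def is_official(host: str, official: set) -> bool:
    """True when host is one of the official domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in official)


def classify_url(url: str) -> Optional[str]:
    """Return a reason string if the URL is suspicious, else None.

    Checks, in order of confidence:
      1. exact match against the reported domains;
      2. a vendor brand name inside a host that is not the vendor's own domain;
      3. the reported rogue binary name as the last path component.
    """
    if "://" not in url:
        url = "http://" + url
    host = host_of(url)
    if host in KNOWN_BAD_HOSTS:
        return f"reported malicious domain {host}"
    for brand, official in VENDOR_BRANDS.items():
        if brand in host and not is_official(host, official):
            return f"look-alike of {brand}: {host}"
    if urlsplit(url).path.lower().endswith("/" + REPORTED_BINARY.lower()):
        return f"reported rogue binary name {REPORTED_BINARY} in path"
    return None


# Assumed log layout: timestamp, client IP, method, URL (whitespace-separated).
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)$")


def scan_proxy_log(text: str) -> list:
    """Run classify_url over each log line; return (line_no, client, host, reason) hits."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        reason = classify_url(m["url"])
        if reason:
            hits.append((n, m["client"], host_of(m["url"]), reason))
    return hits


# Constructed proxy-log lines for the example (not real traffic; paths are made up).
SAMPLE_PROXY_LOG = """\
2024-05-24T09:51:02Z 10.1.2.3 GET https://www.avast.com/free-antivirus-download
2024-05-24T09:52:10Z 10.1.2.3 GET https://avast-securedownload.com/downloads/setup.apk
2024-05-24T09:53:44Z 10.1.2.7 GET http://bitdefender-app.com/setup.zip
2024-05-24T09:55:01Z 10.1.2.9 GET https://malwarebytes.pro/install.rar
2024-05-24T09:56:30Z 10.1.2.9 GET https://downloads.malwarebytes.com/file/mb-windows
2024-05-24T09:57:12Z 10.1.2.4 GET https://cdn.example.net/updates/AMCoreDat.exe
2024-05-24T09:58:00Z 10.1.2.5 GET https://bitdefender-support.example.org/help
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Two caveats when using this for real: the brand-substring check is deliberately broad and will flag legitimate third-party sites that mention a vendor in their hostname (as the last sample line does), so treat those hits as leads to triage, not verdicts; and a filename match alone is weak evidence, so a hit on the binary name should be confirmed with the file's hash and code-signing status before it is treated as the rogue binary from the report.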
The report also highlights the increasing prevalence of stealer malware, with cybercriminals advertising numerous custom variants and updates to existing ones; a recent Kaspersky report emphasized the criminal demand for such malware.
Another development is the discovery of a new Android banking trojan called Antidot, which disguises itself as a Google Play update. Its capabilities include keylogging, overlay attacks, SMS exfiltration, screen capture, credential theft, device control, and execution of commands received from attackers.
Overall, the report underscores the urgency of addressing both fake websites that distribute malware and the growing sophistication and diversity of stealer malware. This information is relevant for shaping cybersecurity strategies and protecting devices and sensitive information.