Malware - Bogus Avast Website Installs Venom Stealer

A fake Avast website is tricking users into downloading Venom Stealer malware, while similar tactics are being used in a recent Microsoft support scam targeting French-speaking users.

Malware & Ransomware | HIGH | 3 sources

Original Reporting

Malwarebytes Labs

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯Scammers are creating fake websites that look like trusted brands to trick people into downloading harmful software. Always check if a website is real before downloading anything!

What Happened

A fake website mimicking Avast antivirus is deceiving users into downloading malware. This site runs a phony virus scan that falsely claims your computer is infected. Once users are panicked, they are prompted to download a file disguised as a virus cleaner, but it actually installs Venom Stealer, a malware designed for data theft. This tactic exploits the trust users place in well-known brands like Avast.

The scam begins with a convincing interface that includes a logo and certification badges. Users initiate a scan, which theatrically finds multiple threats. The result? A recommendation to download a file named Avast_system_cleaner.exe. This file is the malware payload that starts stealing sensitive information immediately upon execution.

In a related development, a fake Microsoft support website has been identified using similar deceptive tactics. This site, operating under a typosquatted domain, presents a fraudulent Windows update that appears legitimate, further demonstrating the evolving nature of online scams.

Who's Being Targeted

Anyone who visits this fraudulent site could be at risk, especially those who are not tech-savvy. The scam preys on individuals looking for antivirus solutions, exploiting their urgency to resolve perceived threats. Once the malware is installed, it targets high-value data, including passwords, session cookies, and cryptocurrency wallet information. This makes it particularly dangerous for users who store sensitive information online. The recent Microsoft scam specifically targets French-speaking users, taking advantage of a surge in data breaches in France, where personal information is readily available on criminal marketplaces. This localized targeting increases the effectiveness of such scams, as attackers can tailor their lures to match the victims' expectations.

Signs of Infection

Victims may notice unusual behavior on their computers after downloading the malware. This includes the presence of a file named v20svc.exe in the Chrome application directory. Additionally, users may experience unauthorized access to their online accounts or cryptocurrency wallets. If you suspect infection, it's crucial to act quickly and check for this file, as it indicates a likely compromise.

In the case of the Microsoft scam, victims may unknowingly install a malicious Windows update that masquerades as a legitimate software installation, leading to similar signs of infection and unauthorized access.

How to Protect Yourself

To safeguard against this threat, always download software directly from official vendor websites. Avast's legitimate site is avast.com, and for Microsoft updates, always use the official Microsoft website. If you've interacted with a suspicious site or downloaded the file, take immediate action by following the steps listed below. By remaining vigilant and informed, you can protect yourself from these types of malware attacks.

Detection

  1. Run a full system scan with a reputable anti-malware tool.
  2. Change passwords for critical accounts, starting with email and banking.
  3. Log out of all active sessions to prevent unauthorized access.

Removal

  4. For cryptocurrency users, transfer funds to a new wallet created on a secure device.
  5. Check your registry for suspicious entries, especially for any unauthorized startup items.
  6. Be vigilant about suspicious files in your Startup folder or unusual processes running on your system.
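
The file check from "Signs of Infection" and the registry and Startup folder checks in steps 5 and 6 can be run together as one read-only PowerShell pass. This is an added example, not code from the original report. It assumes the default Chrome install locations, since the article gives no full path, and the function name Get-StealerTriage is hypothetical.

```powershell
# Added example, not from the original article. Read-only: it lists findings and changes nothing.
function Get-StealerTriage {   # hypothetical helper name
    # Assumption: default Chrome install locations; the article gives no full path.
    $chromeDirs = @(
        "$env:ProgramFiles\Google\Chrome\Application",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application",
        "$env:LOCALAPPDATA\Google\Chrome\Application"
    ) | Where-Object { Test-Path -LiteralPath $_ }

    # Indicator named in the article: v20svc.exe in the Chrome application directory.
    foreach ($dir in $chromeDirs) {
        Get-ChildItem -LiteralPath $dir -Filter 'v20svc.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                [pscustomobject]@{
                    Check  = 'IndicatorFile'
                    Item   = $_.FullName
                    Detail = "created=$($_.CreationTime.ToString('s')) signature=$sig sha256=$hash"
                }
            }
    }

    # Step 5: startup commands registered in the per-user and machine-wide Run/RunOnce keys.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $reg = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $reg) { continue }
        foreach ($name in $reg.GetValueNames()) {
            [pscustomobject]@{ Check = 'RunKey'; Item = "$key\$name"; Detail = [string]$reg.GetValue($name) }
        }
    }

    # Step 6: files placed in the per-user and all-users Startup folders.
    foreach ($special in 'Startup', 'CommonStartup') {
        $folder = [Environment]::GetFolderPath($special)
        if (-not $folder) { continue }
        Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
            Where-Object Name -ne 'desktop.ini' |
            ForEach-Object {
                [pscustomobject]@{ Check = 'StartupFolder'; Item = $_.FullName
                                   Detail = "created=$($_.CreationTime.ToString('s'))" }
            }
    }
}
Get-StealerTriage | Format-Table -AutoSize -Wrap
```

An IndicatorFile row matches the sign of infection the article describes. RunKey and StartupFolder rows are an inventory to review against software you knowingly installed, not a verdict on their own.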

Pro Insight

The rise of localized phishing scams, like the bogus Avast and Microsoft sites, highlights the need for users to remain cautious and verify the authenticity of websites before downloading software.

Story Timeline

Story broke by Malwarebytes Labs

Covered by SecurityWeek

Covered by Malwarebytes Labs
