Malware & Ransomware | HIGH

Malware - Bogus Avast Website Installs Venom Stealer

Malwarebytes Labs
Venom Stealer, Avast, malware, scareware, phishing

Basically, a fake Avast site pretends to scan for viruses but actually installs malware that steals your information.

Quick Summary

A fake Avast site tricks users into downloading malware. This malware, Venom Stealer, targets passwords and crypto wallets. Quick action is needed to protect sensitive information.

What Happened

A fake website mimicking Avast antivirus is deceiving users into downloading malware. This site runs a phony virus scan that falsely claims your computer is infected. Once users are panicked, they are prompted to download a file disguised as a virus cleaner, but it actually installs Venom Stealer, a malware designed for data theft. This tactic exploits the trust users place in well-known brands like Avast.

The scam begins with a convincing interface that includes a logo and certification badges. Users initiate a scan, which theatrically finds multiple threats. The result? A recommendation to download a file named Avast_system_cleaner.exe. This file is the malware payload that starts stealing sensitive information immediately upon execution.

Who's Being Targeted

Anyone who visits this fraudulent site could be at risk, especially those who are not tech-savvy. The scam preys on individuals looking for antivirus solutions, exploiting their urgency to resolve perceived threats. Once the malware is installed, it targets high-value data, including passwords, session cookies, and cryptocurrency wallet information. This makes it particularly dangerous for users who store sensitive information online.

Signs of Infection

Victims may notice unusual behavior on their computers after downloading the malware. This includes the presence of a file named v20svc.exe in the Chrome application directory. Additionally, users may experience unauthorized access to their online accounts or cryptocurrency wallets. If you suspect infection, it’s crucial to act quickly and check for this file, as it indicates a likely compromise.
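A triage check for the two file names mentioned in this article, as an added example that is not from the original article or Malwarebytes. The search locations (standard Chrome install directories and each user's Downloads folder) are assumptions, since the article does not give a full path. Run it from an elevated PowerShell prompt so other users' profiles are readable.

```powershell
# Added triage example; not part of the original article.
# File names are the ones the article reports; everything else is assumed.
$Indicators = @('v20svc.exe', 'Avast_system_cleaner.exe')

# Assumed search roots: machine-wide Chrome installs first.
$Roots = @(Join-Path $env:ProgramFiles 'Google\Chrome\Application')
if (${env:ProgramFiles(x86)}) {
    $Roots += Join-Path ${env:ProgramFiles(x86)} 'Google\Chrome\Application'
}

# Then every user profile: per-user Chrome install and the Downloads folder,
# where the downloaded "cleaner" would normally be saved.
$UsersDir = Join-Path $env:SystemDrive 'Users'
Get-ChildItem -LiteralPath $UsersDir -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $Roots += Join-Path $_.FullName 'AppData\Local\Google\Chrome\Application'
        $Roots += Join-Path $_.FullName 'Downloads'
    }

$Hits = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force includes hidden files; -contains compares names case-insensitively.
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Indicators -contains $_.Name } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path       = $_.FullName
                SizeBytes  = $_.Length
                CreatedUtc = $_.CreationTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature  = $sig.Status                      # e.g. NotSigned, Valid
                Signer     = $sig.SignerCertificate.Subject   # empty when unsigned
            }
        }
}

if ($Hits) {
    # Keep a record for whoever handles the cleanup, then show the matches.
    $Hits | Export-Csv -Path (Join-Path $env:TEMP 'venom_triage.csv') -NoTypeInformation
    $Hits | Format-List
} else {
    Write-Output 'No files with the reported names were found in the searched locations.'
}
```

A match on file name alone is a lead to investigate, and an empty result does not clear the machine, since the check only covers the names and locations listed above.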

How to Protect Yourself

To safeguard against this threat, always download software directly from official vendor websites. Avast’s legitimate site is avast.com. If you've interacted with a suspicious site or downloaded the file, take immediate action:

  • Run a full system scan with a reputable anti-malware tool.
  • Change passwords for critical accounts, starting with email and banking.
  • Log out of all active sessions to prevent unauthorized access.
  • For cryptocurrency users, transfer funds to a new wallet created on a secure device.

By remaining vigilant and informed, you can protect yourself from these types of malware attacks.

🔒 Pro insight: The impersonation of trusted antivirus brands highlights the ongoing effectiveness of social engineering tactics in malware distribution.

Original article from Malwarebytes Labs
