- The researchers found a website impersonating Bitdefender Antivirus
- The site offers a remote access Trojan
- The criminals are using it to steal people’s money
One of the best-known antivirus programs is being abused in a new campaign that delivers the dangerous remote access Trojan VenomRAT (RAT).
Cybersecurity researchers at DomainTools recently published an in-depth analysis of the malicious operation after they spotted a malicious domain, “bitdefender-download[.]com”, which leads to a website titled “Download for Windows”.
Apart from some subtle differences, the website is near-identical to Bitdefender’s legitimate download page: “There are subtle differences between them, such as the legitimate page using the word ‘free’ in several places, while the fake version does not,” the researchers explained.
Poison
The landing page has a “Download for Windows” button, which triggers a file download from an Amazon S3 bucket.
The bundled executable is called “StoreInstaller.exe”, and it was found to contain malware configurations associated with VenomRAT, DomainTools explained. It also contained code associated with the open-source post-exploitation framework SilentTrinity and the StormKitty stealer.
VenomRAT is a lightweight RAT that cybercriminals use to gain control over compromised Windows systems. It enables the theft of login credentials and allows threat actors to log keystrokes, access webcams and execute additional commands remotely.
In this case, DomainTools says the goal was to steal people’s cryptocurrency and then sell access to a different threat actor, noting that “there is a clear intention to target people for financial gain by compromising their credentials, crypto wallets and potentially access to their systems.”
The researchers also found that the campaign overlaps, both in time and in infrastructure, with other malicious operations impersonating banks and IT services; the Armenian IDBank and the Royal Bank of Canada are among the companies mentioned in the report.
As usual, the best way to minimize these threats is to be careful when clicking links in emails and social media messages, and to download software only from legitimate sources.