- Researchers found a site impersonating Bitdefender Antivirus
- The site delivers a remote access Trojan
- Crooks use it to steal people’s money
One of the best antivirus programs out there is being abused in a new campaign that delivers the dangerous Venom remote access Trojan (RAT).
Cybersecurity researchers at DomainTools recently published an in-depth analysis of the malicious operation after discovering a malicious domain, “Bitdefender-Download[.]com”, that leads to a site titled “Download for Windows”.
Apart from a few subtle differences, the site appears identical to the legitimate Bitdefender download website: “There are subtle differences between them, such as the legitimate page using the word ‘free’ in several places, while the spoofed version does not,” the researchers explained.
Venom RAT
The landing page has a “Download for Windows” button that triggers a file download from an Amazon S3 bucket.
The downloaded executable is called “large install.exe” and was found to contain malware configurations associated with Venom RAT, DomainTools further explained. It also contained code associated with the open-source post-exploitation framework SilentTrinity and the StormKitty stealer.
Venom RAT is a lightweight RAT used by cybercriminals to gain control of compromised Windows systems. It enables theft of login credentials and lets threat actors log keystrokes, access webcams and run additional commands remotely.
In this case, DomainTools says the goal was to steal victims’ cryptocurrency and then sell access to another threat actor, noting there is “clear intention to target individuals for financial gain by compromising their credentials, crypto wallets and potentially selling access to their systems.”
The researchers also found that the campaign overlaps, both in timing and infrastructure, with other malicious operations in which banks and “generic IT services” were impersonated. The Armenian IDBank and the Royal Bank of Canada are among the companies mentioned in the report.
As usual, the best way to minimize these threats is to be careful when clicking on links in emails and social media messages, and to download software only from legitimate sources.