- Researchers have found a website impersonating the Bitdefender antivirus
- The site delivers a remote access Trojan
- Crooks use it to steal people's money
One of the best antivirus programs is being abused in a new campaign that delivers the dangerous VenomRAT remote access Trojan (RAT).
DomainTools cybersecurity researchers recently published an in-depth analysis of the malicious operation after spotting a malicious domain, "bitdefender-download[.]com", which leads to a website titled "Download for Windows".
Aside from a few subtle differences, the website looks identical to Bitdefender's legitimate download page: "There are subtle differences between them, as the legitimate page uses the word 'free' in several places while the spoofed version does not," the researchers explained.
VenomRAT
The landing page has a "Download for Windows" button, which triggers a file download from an Amazon S3 bucket.
The bundled executable is named "StoreInstaller.exe" and turned out to contain malware configurations associated with VenomRAT, DomainTools said. It also contained code associated with the open-source post-exploitation framework SilentTrinity and the StormKitty stealer.
VenomRAT is a lightweight RAT that cybercriminals use to take control of compromised Windows systems. It enables credential theft and lets threat actors record keystrokes, access webcams and run additional commands remotely.
In this case, DomainTools says the objective was to steal people's cryptocurrency and then sell access to a different threat actor, noting that there is "a clear intent to target individuals for financial gain by compromising their credentials and crypto wallets, and potentially selling access to their systems".
Researchers also found that the campaign overlaps, both in time and in infrastructure, with other malicious operations in which banks and "generic IT" firms were targeted. The Armenian IDBank and the Royal Bank of Canada are among the companies mentioned in the report.
As usual, the best way to minimize these threats is to be careful when clicking links in emails and social media messages, and to download software only from legitimate sources.
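As an added, defender-side illustration of the pattern described above (a brand-lookalike landing page such as "bitdefender-download[.]com", followed by an executable fetched from a third-party bucket), the following Python example is not from the article or from DomainTools. It scans a few constructed proxy log lines, flags hosts whose registrable domain mentions a protected brand but is not a domain the vendor actually owns, and then flags any executable that a flagged user subsequently downloads from a non-vendor host. The vendor allowlist, the log line format, the user names and the bucket name are all assumptions made for the example.

```python
# Added example (not from the article or DomainTools): detect brand-lookalike
# download domains in proxy logs and the executable fetch that follows them.
import re
from urllib.parse import urlsplit

# Assumption: the registrable domains the vendor legitimately uses. A real
# deployment would maintain one such set per protected brand.
LEGIT_DOMAINS = {"bitdefender.com"}
BRANDS = ("bitdefender",)

# Assumed log format: "<timestamp> user=<name> GET <url> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) GET (?P<url>\S+) (?P<status>\d{3})$")

# Constructed sample log lines; the bucket name is a placeholder.
LOG_LINES = [
    "2025-05-27T10:01:02Z user=alice GET https://www.bitdefender.com/solutions/free.html 200",
    "2025-05-27T10:05:44Z user=bob GET https://bitdefender-download[.]com/Download-for-Windows 200",
    "2025-05-27T10:06:10Z user=bob GET https://example-bucket.s3.amazonaws.com/StoreInstaller.exe 200",
    "2025-05-27T10:09:31Z user=carol GET https://download.bitdefender.com/windows/installer.exe 200",
]


def refang(text):
    """Turn defanged notation ('[.]', 'hxxp') back into a parseable URL or host."""
    return text.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def registrable_domain(host):
    """Naive eTLD+1 (last two labels). Fine for .com; a real tool would use the public suffix list."""
    labels = refang(host).lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def is_lookalike(host):
    """True when the registrable domain names a protected brand but is not vendor-owned."""
    reg = registrable_domain(host)
    if reg in LEGIT_DOMAINS:
        return False
    # Collapse separators so 'bit-defender' and 'bitdefender' both match the brand token.
    flat = re.sub(r"[^a-z0-9]", "", reg.split(".")[0])
    return any(brand in flat for brand in BRANDS)


def scan_log(lines):
    """Return (user, host, reason) alerts for lookalike visits and follow-on executable fetches."""
    alerts = []
    tainted_users = set()  # users who have visited a lookalike domain in this log
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        user = m.group("user")
        parts = urlsplit(refang(m.group("url")))
        host = parts.hostname or ""
        if is_lookalike(host):
            tainted_users.add(user)
            alerts.append((user, host, "brand lookalike domain"))
        elif (user in tainted_users
              and parts.path.lower().endswith(".exe")
              and registrable_domain(host) not in LEGIT_DOMAINS):
            alerts.append((user, host, "executable fetched after lookalike visit"))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(LOG_LINES):
        print(alert)
```

The second rule deliberately does not fire on every executable download (that would be far too noisy); it only fires once the same user has already touched a lookalike domain, which mirrors the landing-page-then-payload sequence the report describes. Both helpers are intentionally simple: the two-label registrable-domain heuristic should be replaced with a public suffix list lookup before production use.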