
Malicious website posing as Bitdefender distributes three harmful software programs

Malicious campaign dispersed VenomRAT and assorted malware through a counterfeit Bitdefender website, as reported by DomainTools.


Malicious Campaign Using Spoofed Bitdefender Website and Phishing Domains Targets Users

A recent malware-based attack campaign has been uncovered, involving a fake Bitdefender website and phishing domains impersonating banks and IT services. This campaign, attributed to the threat group known as TA505, uses open-source malware tools to distribute VenomRAT and two other malware tools.

Researchers from DomainTools have identified several phishing domains associated with this campaign. The phishing domain mimics Armenian IDBank, while poses as a Microsoft login portal. Another domain, , attempts to deceive users by mimicking the Royal Bank of Canada.

The malicious campaign works by directing visitors to a fake site titled "DOWNLOAD FOR WINDOWS," which appears to be a legitimate antivirus download page from Bitdefender. However, this site actually redirects visitors to malicious files hosted on Bitbucket and Amazon S3. The downloaded package contains an executable named , which initiates the infection process.

Upon infection, the malware samples tied to this campaign share consistent configurations, particularly the reuse of command-and-control (C2) IPs like and .

The malware tools used in this campaign include VenomRAT, StormKitty, and SilentTrinity. VenomRAT, with roots in the Quasar RAT project, supports keylogging, credential theft, and remote command execution (RCE), ensuring remote and persistent access. The use of SilentTrinity and StormKitty suggests the attackers are targeting users not just for immediate gain but for prolonged exploitation or resale of access.

StormKitty, in particular, gathers credentials and crypto wallet data, while SilentTrinity facilitates stealthy exfiltration and long-term control.

Researchers warn users to verify download sources, avoid entering credentials on untrusted sites, and remain cautious with email links or attachments. They also encourage users to be vigilant and report any suspicious activity to their respective cybersecurity teams.

This campaign underscores the accessibility of cybercrime, as the attackers in this case are using open-source malware tools. As such, it is crucial for users and organisations to remain vigilant and implement robust cybersecurity measures to protect against such threats.
