Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets

Parkinsond

Level 62
Thread author
Verified
Well-known
Dec 6, 2023
5,188
14,807
6,069
Cybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT.

The website in question, "bitdefender-download[.]com," advertises site visitors to download a Windows version of the Antivirus software. Clicking on the prominent "Download for Windows" button initiates a file download from a Bitbucket repository that redirects to an Amazon S3 bucket. The Bitbucket account is no longer active.

DomainTools said the decoy website masquerading as Bitdefender shares temporal and infrastructure overlaps with other malicious domains spoofing banks and generic IT services that have been used as part of phishing activity to harvest login credentials associated with Royal Bank of Canada and Microsoft .
 
Last edited by a moderator: