A new tech support scam pretending to be from McAfee was discovered last week that is harvesting credit card details and personal information of its victims.
Last week I was tipped off about a new browser-based tech support scam that stated "Your Mcafee subscription has expired on 18 October 2018". This page then prompted me to renew as shown below.
... ... ...
... ...
Scam site also pushes adware
According to
Thomas Roccia, a security researcher at McAfee Labs, the associated scam site, onlineav-shop.com, is also known to host and distribute unwanted software and adware.
When examining some of the malware hashes provided by Roccia, I was able to identify the samples as being the WizzCaster adware. This adware will create random named executables on the infected PC and configure them to automatically start on login.
When started, the adware will open adverting redirects that promote adult sites, fake blogs, unwanted chrome extensions, and adware downloads. Coincidentally, the first advertisement shown by this adware was one for McAfee, but was the one that just redirects you to their site via an affiliate link.