The Hacker News Reports Fake Websites Distributing Information-Stealing Malware
The Hacker News recently uncovered a disturbing trend in the cybersecurity world, with threat actors utilizing fake websites posing as legitimate antivirus software providers to distribute information-stealing malware.
One such website, avast-securedownload[.]com, was found to be deploying the SpyNote infostealer through an Android package file. This malicious software seeks permissions for a wide range of intrusive actions, including SMS message and call log viewing, screenshot capturing, app installation and deletion, location tracking, and even cryptocurrency mining.
Additionally, malwarebytes[.]pro and bitdefender-app[.]com were identified as sources for the StealC and Lumma infostealing payloads, delivered through RAR and ZIP archive files, respectively.
Furthermore, a malicious binary named “AMCoreDat.exe” was discovered being used to distribute another infostealer, highlighting the growing prevalence of information-stealing malware in the digital landscape.
Kaspersky, a leading cybersecurity expert, commented on the situation, stating, “The fact that new stealers appear every now and then, combined with the fact that their functionality and sophistication varies greatly, indicates that there is a criminal market demand for stealers.”
