Fake Kaspersky Antivirus

Over the weekend, someone wrote to us complaining that Kaspersky Lab was sending spam. Naturally, this came as a bit of a surprise, seeing as how we do nothing of the sort; in fact we do quite the reverse: we combat spam. Of course, we wanted to find out why a user had come to the conclusion that Kaspersky Lab was sending spam to them.

The email that the user complained about had all the hallmarks of a typical online scam: behind the nice pictures reminiscent of Kaspersky Lab’s official advertising there was a link that had absolutely nothing in common with the company’s products. The cybercriminals had done a good job: the email not only looked like an official email from Kaspersky Lab but the “From” field was a good imitation as well.

After clicking the link, a user unwittingly ends up on a website with an offer to buy a program called Best Antivirus Online. It has to be said that the image of the “product box” on the web page was not unlike that of Symantec’s signature design – black font against a predominantly yellow background. To buy the program, the user had to enter their credit card details and email address so they could receive further instructions. We followed these steps as part of our investigation, but received no more instructions at the email address we specified. It is quite possible that users could have received more instructions on how to download the fake antivirus at the time the spam was active.

This is not the first time cybercriminals have made use of Kaspersky Lab products. We have noticed on several occasions that the distributors of fake antiviruses have tried to make their “product” interfaces similar to those of KIS or KAV. Spammers distributing offers of cheap software often stress in their emails that Kaspersky Lab’s products are available on their sites at bargain prices.

This level of awareness by the cybercriminals is a clear indication that Kaspersky Lab products are popular and trusted. They are taking advantage of users’ trust in Kaspersky Lab as a social engineering tool, hoping that the familiar green design will lull users into a false sense of security and make them click the malicious link.

It should be noted that not only Kaspersky Lab has attracted the attention of malicious users. A week or so ago, we received similar messages that imitated a mailing from Adobe. The link in the message led to a suspicious-looking “pdf reader”. The site’s template was identical to the template used for Best Antivirus Online, only the color scheme was different. In early October, a similar site was linked to emails with offers to download a new version of iTunes dedicated to Steve Jobs. The color scheme then was completely different, but the site template was the same.

At the time the user wrote to us, Kaspersky Lab products detected both the spam messages and the malicious site distributed in them. However, we urge users not only to trust our products but also to be vigilant when surfing the net. And remember: no reputable company would send spam messages!
