Research

Spot the imposter: pretending to be the original

Some months ago I wrote a blog post called “Rogue AV raising the stakes” which mentioned a new trend in the graphical user interfaces of Fake Anti-viruses. Our predictions were correct, as today my colleague Fabio Assolini found a Web site with an interface very similar to Kaspersky Anti-Virus. See for yourself:

This isn’t the first time we’ve found this kind of fake imitation of our solutions. The interesting part is that during our research we found fake versions of other Anti-Virus solutions on the same malicious host. Can you spot the difference?

These are just some of the examples. Since some Internet users know what the most popular Anti-Virus solutions look like they can be confused and pay for a Rogue AV solution. This is the main goal of the criminals; to confuse as many people they can, and to get as much money as possible.

On this same malicious server we found 256 different malicious rogue domains with different content but with the same intention: to cheat people by making them pay money for nothing.

Please be careful and always check the domain of the page you’re visiting. Don’t be a victim of criminals!

Spot the imposter: pretending to be the original

Your email address will not be published. Required fields are marked *

 

Reports

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

Subscribe to our weekly e-mails

The hottest research right in your inbox