A social engineering technique is being used to dupe users into uninstalling their anti-virus products, including those by big-time vendors such as Microsoft and AVG.
Hackers have leveraged a clone of the prevalent rogue CoreGuard Antivirus product called AnVi Antivirus, Symantec noted.
In the past, such rogue anti-virus products have included a retro virus, which seeks to remove anti-virus products entirely, but this attack differs.
The AnVi Antivirus fake product gets the user to access the legitimate anti-virus uninstaller and forces the user to remove the vendor software from the computer.
Symantec even found the fake anti-virus product attempting to get the user to uninstall some of its own software.
"A warning is displayed that the Symantec anti-virus software is uncertified' and will hamper the system's performance," the firm explained in a blog post.
"The user is left with no other option than clicking OK, which initiates the uninstall process. Even if the user clicks the close' button, the uninstaller of the anti-virus product still executes."
Symantec researchers also discovered that the scheme tries to download rogue anti-virus software by connecting to malicious websites.
The Bieber effect
Combining fake anti-virus and social engineering has been a popular method among cyber criminal gangs.
Yesterday, PandaLabs said it had found more than 200 spoof web addresses using the lure of teenage pop singer Justin Bieber to spread rogue software called MySecurityEngine.
"These types of activities have become increasingly common", warned Luis Corrons, technical Director of PandaLabs.
"By positioning websites used to distribute malware among the first results in search engines, they can be sure that numerous internet users will inadvertently download the fake anti-virus."
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
State-sponsored cyber groups are flocking to the 'ClickFix' social engineering techniqueNews State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to knowNews Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
-
Phishing campaign targets developers with fake CrowdStrike job offersNews Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike
-
Iranian hackers targeted nuclear expert, ported Windows infection chain to Mac in a weekNews Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
-
Malware being pushed to businesses by search engines remains a pervasive threatNews High-profile malvertising campaigns in recent months have surged
-
CISA: Phishing campaign targeting US federal agencies went undetected for monthsNews Threat actors used legitimate remote access software to maliciously target federal employees
