Hackers forcing ‘legitimate’ anti-virus uninstall
Cyber criminals are using social engineering in their attempts to get users to uninstall legitimate anti-virus software.
A social engineering technique is being used to dupe users into uninstalling their anti-virus products, including those by big-time vendors such as Microsoft and AVG.
Hackers have leveraged a clone of the prevalent rogue CoreGuard Antivirus product called AnVi Antivirus, Symantec noted.
In the past, such rogue anti-virus products have included a retro virus, which seeks to remove anti-virus products entirely, but this attack differs.
The AnVi Antivirus fake product gets the user to access the legitimate anti-virus uninstaller and forces the user to remove the vendor software from the computer.
Symantec even found the fake anti-virus product attempting to get the user to uninstall some of its own software.
"A warning is displayed that the Symantec anti-virus software is uncertified' and will hamper the system's performance," the firm explained in a blog post.
"The user is left with no other option than clicking OK, which initiates the uninstall process. Even if the user clicks the close' button, the uninstaller of the anti-virus product still executes."
Symantec researchers also discovered that the scheme tries to download rogue anti-virus software by connecting to malicious websites.
The Bieber effect
Combining fake anti-virus and social engineering has been a popular method among cyber criminal gangs.
Yesterday, PandaLabs said it had found more than 200 spoof web addresses using the lure of teenage pop singer Justin Bieber to spread rogue software called MySecurityEngine.
"These types of activities have become increasingly common", warned Luis Corrons, technical Director of PandaLabs.
"By positioning websites used to distribute malware among the first results in search engines, they can be sure that numerous internet users will inadvertently download the fake anti-virus."
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
Two US nationals sentenced for role in prolific fake worker laptop farmsNews The Americans were raising money for the North Korean regime by allowing fake IT workers to appear as legitimate US-based employees
-
Beware of emails threatening a code of conduct review
News A widespread phishing campaign has targeted tens of thousands of employees
-
Microsoft and NCSC issue alerts over hacker campaigns targeting WhatsApp, Signal messaging appsNews Microsoft warns about a sophisticated attack that starts with WhatsApp messages, while the NCSC says such incidents are on the rise
-
Is your new hire an AI clone? Microsoft says North Korean hackers are using AI to impersonate job seekers and steal company secretsNews The groups are increasingly using face-changing or voice-changing software to make their fake identities more plausible
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
-
Thousands of Microsoft Teams users are being targeted in a new phishing campaignNews Microsoft Teams users should be on the alert, according to researchers at Check Point
-
Microsoft warns of rising AitM phishing attacks on energy sectorNews The campaign abused SharePoint file sharing services to deliver phishing payloads and altered inbox rules to maintain persistence
