Infostealers spread via fraudulent antivirus sites

The Hacker News reports that several fake websites offering antivirus software from Avast, Malwarebytes, and Bitdefender were leveraged by threat actors to distribute various information-stealing malware strains.

Attackers used avast-securedownload[.]com to facilitate the deployment of the SpyNote infostealer through an Android package file that seeks permissions for SMS message and call log viewing, screenshot capturing, app installation and deletion, location tracking, and cryptocurrency mining, according to a report from the Trellix Advanced Research Team.

Meanwhile, the malwarebytes[.]pro and bitdefender-app[.]com sites were used to deliver the StealC and Lumma infostealer payloads through a RAR archive file and a ZIP archive file, respectively.

Another infostealer was also distributed through the malicious Trellix binary dubbed "AMCoreDat.exe." The report comes amid the increasing prevalence of information-stealing malware.

"The fact that new stealers appear every now and then, combined with the fact that their functionality and sophistication varies greatly, indicates that there is a criminal market demand for stealers," said Kaspersky.
