A social engineering technique is being used to dupe users into uninstalling their anti-virus products, including those by big-time vendors such as Microsoft and AVG.
Hackers have leveraged a clone of the prevalent rogue CoreGuard Antivirus product called AnVi Antivirus, Symantec noted.
In the past, such rogue anti-virus products have included a retro virus, which seeks to remove anti-virus products entirely, but this attack differs.
The AnVi Antivirus fake product gets the user to access the legitimate anti-virus uninstaller and forces the user to remove the vendor software from the computer.
Symantec even found the fake anti-virus product attempting to get the user to uninstall some of its own software.
"A warning is displayed that the Symantec anti-virus software is uncertified' and will hamper the system's performance," the firm explained in a blog post.
"The user is left with no other option than clicking OK, which initiates the uninstall process. Even if the user clicks the close' button, the uninstaller of the anti-virus product still executes."
Symantec researchers also discovered that the scheme tries to download rogue anti-virus software by connecting to malicious websites.
The Bieber effect
Combining fake anti-virus and social engineering has been a popular method among cyber criminal gangs.
Yesterday, PandaLabs said it had found more than 200 spoof web addresses using the lure of teenage pop singer Justin Bieber to spread rogue software called MySecurityEngine.
"These types of activities have become increasingly common", warned Luis Corrons, technical Director of PandaLabs.
"By positioning websites used to distribute malware among the first results in search engines, they can be sure that numerous internet users will inadvertently download the fake anti-virus."
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
Two years on from its Series B round, Hack the Box is targeting further growthNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to knowNews Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
-
Phishing campaign targets developers with fake CrowdStrike job offersNews Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike
-
Iranian hackers targeted nuclear expert, ported Windows infection chain to Mac in a weekNews Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
-
Malware being pushed to businesses by search engines remains a pervasive threatNews High-profile malvertising campaigns in recent months have surged
-
CISA: Phishing campaign targeting US federal agencies went undetected for monthsNews Threat actors used legitimate remote access software to maliciously target federal employees
-
Google Ads malvertising campaign prompts questions around Search securityNews A leading security researcher has called into question why Google still allows malware links to top search results
-
Uber hacked via basic smishing attackNews The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages
