Beware! Fake antivirus websites are spreading malware to Android & Windows devices

Next time you download an antivirus, check the URL twice

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Recently, fake antivirus websites have emerged as the new cybersecurity threat, spreading malware to Windows and Android devices.

These websites impersonate legit antivirus solutions from renowned brands, including Bitdefender, Avast, and Malwarebytes, which could trick you into downloading malicious software.

Which fake antivirus websites are spreading malware?

These are the fake websites that look like legit antivirus programs that are spreading malware:

  • avast-securedownload[.]com – This website distributes the SpyNote trojan, which impersonates an Android package file (Avast.apk). Once you download and install it, the trojan asks you for permission to access your SMS, call logs, delete apps, track location, take screenshots, and mine cryptocurrency.
  • malwarebytes[.]pro – Once you click on Free Download, MBSetup.rar, a RAR archive file will be downloaded. This installs the StealC information stealer malware.
  • bitdefender-app[.]com – Once you click on Free Download For Windows,, a ZIP archive file is downloaded. This deploys Lumma information stealer malware on your Windows device.

Another threat actor named AMCoreDat.exe, a Trellix binary that is a drop stealer malware has been uncovered. This malware can harvest victim information, including browser data, and send it to a remote server.

Cybersecurity experts are unaware of the distribution methods these fake antivirus websites use. However, similar campaigns in the past have been known to use malvertising and search engine optimization (SEO) poisoning.

With these methods, malicious sites come up higher in the search engine results, which increases the probability of visiting them. There has been an increase in demand for stealer malware, which can harvest information from infected devices. Hence, many new stealers, such as ScarletStealer, Acrid, SamsStealer, and Waltuhium Grabber.

How can I protect myself from these threats?

Here are a few of the best practices that you can follow:

  • Verify the source – Make sure you download the antivirus software from the official website and avoid clicking the links in your emails or ads.
  • Beware of pop-ups – Legit or real antivirus software doesn’t use forceful pop-up tactics to scare users into downloading their software. If you see pop-ups from the same brand more than often, it is most likely a scam.
  • Inspect the URL closely – Even if you end up on a website using a Google search result, always check the URLs and look for slight variations, like spelling mistakes, extra words, or symbols.
  • Use reliable security software – You must always choose an antivirus tool with anti-phishing and anti-malware features that can detect and block suspicious websites and downloads.
  • Stay updated – Given the rising number of threat actors, keep an eye on cybersecurity threats and related news so that you always know how to prevent yourself from becoming a victim.

To conclude, these instances of fake antivirus websites distributing malware make it more important to stay vigilant and double-check any software we download and install on our devices. At the same time, we are supposed to rely on antivirus tools for protection, and ensuring the legitimacy of sources is crucial for securing our systems against potential threats.

What do you think about it? Share your views with our readers in the comments section below.

More about the topics: Windows, windows 10