Cybercriminals Clone Antivirus Site to Spread Venom RAT
Author: Infosec Now
Uploaded: 2025-12-22
Views: 5
Description:
In this video, we delve into a recent cybersecurity incident involving a cloned antivirus website that is being used to distribute the Venom RAT malware. This alarming campaign was disclosed on May 27, 2025, and highlights the evolving tactics of cybercriminals.
What you’ll learn: We will explore the details of this malicious campaign, how it operates, its impact on victims, and what steps individuals and organizations can take to protect themselves from such threats. The campaign features a fake website masquerading as Bitdefender, tricking users into downloading malware that can compromise their financial information and system security.
Cybersecurity researchers have identified a fake website, bitdefender-download[.]com, which falsely advertises a Windows version of Bitdefender antivirus software. By clicking on the download button, users inadvertently download a ZIP file containing an executable that installs the Venom RAT, a remote access trojan. This malware is designed to harvest sensitive data, including login credentials and cryptocurrency wallet information. The campaign demonstrates a clear intent to financially exploit victims by compromising their systems.
The DomainTools Intelligence team reported that the decoy website shares infrastructure with other malicious domains previously used in phishing attacks targeting banks and IT services. This indicates a broader trend of cybercriminals employing modular malware built from open-source components, making their attacks more sophisticated and harder to detect.
In addition to the Venom RAT campaign, there are reports of a ClickFix-style campaign utilizing fake Google Meet pages to install another RAT, noanti-vm.bat. This campaign employs social engineering tactics to trick users into executing harmful commands under the guise of fixing a supposed microphone error. Furthermore, there has been a rise in phishing attacks utilizing Google’s AppSheet platform, allowing attackers to bypass traditional email security measures and harvest credentials and two-factor authentication codes.
As cyber threats continue to evolve, it is crucial for individuals and organizations to remain vigilant. Users should verify the authenticity of software downloads, employ robust security measures, and stay informed about the latest threats in the cybersecurity landscape. Organizations should implement security training for employees to recognize phishing attempts and suspicious downloads.
In conclusion, the cloning of legitimate antivirus sites to distribute malware underscores the ongoing challenges in cybersecurity. By understanding these tactics and taking proactive measures, we can better protect ourselves against these growing threats.