Phishing, Malware, Threat Intelligence
VenomRAT spread via fake Bitdefender site

Threat actors have been using a fraudulent website promoting Bitdefender antivirus software to distribute the VenomRAT remote access trojan as part of a new attack campaign, The Hacker News reports.

Intrusions begin with the "bitdefender-download[.]com" website luring visitors to click the "Download for Windows" button, which leads to the download of the Bitdefender.zip file with an executable that contains not only VenomRAT-linked malware configurations but also code for the StormKitty infostealer and the SilentTrinity post-exploitation framework, according to findings from the DomainTools Intelligence team. Researchers said that VenomRAT ensures infiltration of targeted systems and StormKitty pilfers credentials and digital wallet details, while SilentTrinity maintains persistence and conceals malicious activity.

"This campaign underscores a constant trend: attackers are using sophisticated, modular malware built from open-source components. This 'build-your-own-malware' approach makes these attacks more efficient, stealthy, and adaptable," said DomainTools.

The findings follow a Sucuri report detailing the use of fake Google Meet pages to facilitate noanti-vm.bat RAT distribution in an attack campaign akin to ClickFix.