Close Menu
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
What's Hot

Humanity Protocol – H falls 15% as $36M hack returns to focus

July 17, 2026

Trump to meet with senators over CLARITY Act on Thursday: Politico

July 17, 2026

Robinhood tackled Coinbase head-on then immediately inherited Base’s biggest problem

July 17, 2026
Facebook X (Twitter) Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook X (Twitter) Instagram
CryptoPulseDaily.com
  • Latest News
    • Market
    • Altcoins
    • Legal and Regulatory
  • Tech
    • Blockchain
    • Security and Privacy
  • Web 3
    • Web3 News
    • NFTs
    • Gaming
  • Learn
    • Education
    • Investments
    • Staking
    • Wallets and Exchanges
  • ICOs
  • Mining
  • Crypto Tools
    • Exchange Tool
  • Shop
CryptoPulseDaily.com
Home»Security and Privacy»Fake Bitdefender Site Spreads Trio of Malware Tools
Fake Bitdefender Site Spreads Trio of Malware Tools
Security and Privacy

Fake Bitdefender Site Spreads Trio of Malware Tools

July 24, 2025No Comments2 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

A spoofed Bitdefender website has been used in a malicious campaign to distribute VenomRAT and two other malware tools, giving attackers deep access to victims’ systems.

The fake site, titled DOWNLOAD FOR WINDOWS, mimics Bitdefender’s legitimate antivirus download page but redirects visitors to malicious files hosted on Bitbucket and Amazon S3.

The downloaded package contains an executable named StoreInstaller.exe, which initiates the infection process. Researchers found this file bundled with code from three separate malware families: VenomRAT, StormKitty and SilentTrinity.

Modular Malware for Maximum Exploitation

According to DomainTools, who uncovered the campaign, it demonstrates a layered approach to compromise with each tool playing a distinct role:

  • VenomRAT ensures remote and persistent access

  • StormKitty gathers credentials and crypto wallet data

  • SilentTrinity facilitates stealthy exfiltration and long-term control

Together, these components allow attackers to move swiftly while remaining hidden.

The use of SilentTrinity and StormKitty, both open-source frameworks, suggests the attackers are targeting users not just for immediate gain but for prolonged exploitation or resale of access.

VenomRAT has roots in the Quasar RAT project and supports keylogging, credential theft and remote command execution (RCE).

The malware samples tied to this campaign share consistent configurations, particularly the reuse of command-and-control (C2) IPs like 67.217.228[.]160:4449 and 157.20.182[.]72:4449.

Analysts traced additional VenomRAT samples and IPs through matching RDP configurations, revealing further infrastructure likely managed by the same threat actor.

Read more on phishing attacks using spoofed antivirus platforms: Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign

Fake Login Pages Pose Additional Risks

In addition to the spoofed antivirus site, researchers identified related phishing domains impersonating banks and IT services. These include:

  • idram-secure[.]live, spoofing Armenian IDBank

  • royalbanksecure[.]online, mimicking Royal Bank of Canada

  • dataops-tracxn[.]com, posing as a Microsoft login portal

See also  GwisinLocker Ransomware Targets Linux Systems in South Korea

The infrastructure behind these domains overlaps in timing and setup, reinforcing the assessment of a coordinated, financially motivated campaign.

Growing Use of Open-Source Malware

The attackers’ reliance on open-source tools shows how accessible cybercrime has become. By repurposing existing frameworks, they can quickly assemble flexible, effective malware kits. While this can help defenders recognize patterns, it also increases the speed and scale of potential attacks.

DomainTools researchers emphasize vigilance and encourage users to verify download sources, avoid entering credentials on untrusted sites and remain cautious with email links or attachments.

Image credit: T. Schneider / Shutterstock.com

Source link

Bitdefender fake Malware Site Spreads Tools Trio
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Modular macOS Stealer Uses Kill Loops to Force Password Entry

July 16, 2026

Robinhood Chain tokens are reportedly vanishing from wallets causing buyers to lose funds

July 13, 2026

Convicted scammer’s “seized” crypto moves to unknown wallets while in prison as DOJ failed to secure funds

July 13, 2026

One crypto wallet tied to a 20-year-old fraudster processed over $122M before Interpol closed in

July 12, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Ethereum tops ESG ranking again while Bitcoin continues to struggle

November 17, 2023

How to Earn Extra Income at Home with Cloud Mining

June 23, 2023

Mighty Action Heroes Releases Mighty Road Update

September 15, 2023

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Crypto, ICOs, Web3, Blockchain and more.

We're social. Connect with us:

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Humanity Protocol – H falls 15% as $36M hack returns to focus

July 17, 2026

Trump to meet with senators over CLARITY Act on Thursday: Politico

July 17, 2026

Robinhood tackled Coinbase head-on then immediately inherited Base’s biggest problem

July 17, 2026
Get Informed

Subscribe to Updates

Get the latest creative news From Crypto Daily Pulse directly in your Inbox!

  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2026 Crypto Pulse Daily - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.

Cleantalk Pixel
  • bitcoinBitcoin(BTC)$63,450.00-1.76%
  • ethereumEthereum(ETH)$1,846.90-4.01%
  • tetherTether(USDT)$1.00-0.01%
  • binancecoinBNB(BNB)$570.43-1.65%
  • usd-coinUSDC(USDC)$1.000.01%
  • rippleXRP(XRP)$1.09-2.58%
  • solanaSolana(SOL)$74.93-2.76%
  • tronTRON(TRX)$0.321734-0.90%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.02-1.67%
  • HyperliquidHyperliquid(HYPE)$60.24-9.32%