Using phishing websites, which often replicate the original in an optically deceptively real way, online gangsters not only try to fish out log-in data. Such sites often disguise themselves as supposedly legitimate download portals and lure victims with well-known tools in order to infect PCs with Trojans.
Wolf in sheep’s clothing
As security researchers from Cybel have observed, this is currently taking place with the MSI Afterburner graphics card tool. If a victim falls for it, he cannot tune his graphics card with the Windows tool as intended, but catches the coin miner XMR Miner. He abuses the computing power of the computer to mine cryptocurrencies.
In their report, the security researchers state, having observed around 50 such fake websites in the past three months. In order for victims to end up on such a site, the people behind the malware campaign rely on phishing emails, among other things. They also distribute the links in various places on the Internet.
Dangerous search results
But it can be even more perfidious: The criminals often even place ads so that their phishing websites appear in a Google search, for example. If such an ad appears high in the results, there is a high probability that victims will open the page and fall for the scam.
Heise Security has often received letters from readers who have pointed out such ads to us. In some cases, the entry even appeared above the tools’ original website. Trojans can also be found time and again on websites for software cracks and key generators for illegal software activation. This is also the case with many torrent and warez websites. Download offers that require the installation of a download manager should also be viewed critically.
If you are looking for a PC tool, you should visit established download portals such as heise download. The tools made available on the Heise servers are checked by around 40 virus scanners, among others, before they are offered.