Select Page

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojans tools like Remcos RAT.

“Among the software in question are various instruments for fine-tuning CPUs, graphic cards, and BIOS; PC hardware-monitoring tools; and some other apps,” cybersecurity vendor Doctor Web said in an analysis.

“Such installers are used as a decoy and contain not only the software potential victims are interested in, but also the trojan itself with all its components.”

The exact initial access vector used in the campaign is unclear but it could potentially range from phishing to drive-by downloads to malicious ads. Users who land on the fake site are prompted to download a ZIP installer package.

The installer, besides activating the standard installation process, stealthily drops the Fruity trojan, a Python-based malware that unpacks an MP3 file (“Idea.mp3”) to load an image file (“Fruit.png”) to activate the multi-stage infection.

images from Hacker News