Security researchers have issued a serious warning for Microsoft Windows users after discovering a series of fake websites installing harmful apps on PCs. These sites pretend to be popular brands to trick users into downloading apps laced with malware that can steal passwords and digital wallets.
The alert comes from DomainTools, who revealed that these apps deliver three types of malware: VenomRAT, which causes major damage; StormKitty, which steals passwords and wallet data; and SilentTrinity, which helps attackers stay hidden and control the infected system.
Fake websites mimic trusted brands like Bitdefender, Royal Bank of Canada, and even Microsoft’s sign-in page. Users are urged to avoid clicking any suspicious “Download for Windows” buttons on unfamiliar sites.
Researchers found that attackers use a “build-your-own-malware” method based on open-source tools, making these threats more adaptable and stealthy. This method lowers security barriers, putting everyday users at greater risk.
Three important safety tips:
- Only download software from official websites or app stores.
- Double-check website addresses before entering sensitive info, especially on banking or login pages.
- Never enter credentials on sites unless you are 100% sure they are legitimate.
If you see an app on a website, avoid downloading it there. Instead, go to the official app store or navigate to the company’s site through a trusted search or app.
