
A new fake antivirus site scam is popping up. Here’s what to know.
The old adage “Don’t trust everything you read on the internet” — allegedly coined by that famed internet scholar, Abraham Lincoln (citation needed) — feels truer than it ever has. Just yesterday I was trying to update my iPhone to the latest version of iOS, iOS 26. It wasn’t working, so I turned to Google… whose automatic AI response scolded me: “You’re probably having trouble because iOS 26 isn’t real! Apple’s next mobile OS will be called iOS 19, and it isn’t out yet.”
The problem is, that’s wrong on just about every front. Apple’s next version really is called iOS 26 and it really did get released this month.
But seriously: the internet’s loose grip on the truth goes well beyond Wikipedia trolls and generative AI flubs. And some of those lies are designed specifically to trick you into compromising your business’s security.
New Version of an Old Threat: Fake Antivirus Sites
Antivirus scams are nothing new. Practically as long as there have been pop-up ads, there have been scammy ones warning you that your computer is already infected with some terrible disease, and if you just click the flashing neon box, you’ll be all set.
Most pop-ups get blocked these days, and most internet users know not to fall for this kind of trick.
But a new version of this scheme is a lot more convincing. Instead of super-scammy-looking pop-ups, today’s scammers are building entire fake websites. Some of these look just like the real thing, even mimicking the design and language on a legitimate cybersecurity company website.
If you end up on one of these sites and click “download”, you’ll download something malicious instead of something helpful.
The most recent high-profile version of this led PC users to download an innocuous-sounding file, StoreInstaller.exe. But that executable didn’t install antivirus software; it installed something called VenomRAT — a piece of malware that gives the bad guys full access to your computer, including keystrokes, webcams, passwords, and even install access (allowing the malware to install even more malware). All without giving you any clear idea that anything’s wrong.
How Scams Like This Get Through
You may be wondering: if pop-ups aren’t a thing anymore, how do scams like this one get through to people? Great question. This isn’t an exhaustive list, but here are some of the ways and methods you should look out for:
- Paid search and regular internet advertising: The reputable digital advertising platforms won’t allow scammers to advertise… once they get identified. But there is often a window where the big ad companies don’t know a new advertiser is fraudulent. Plus, fraudsters keep coming back with new accounts, new domains, and so on, hiding their identity and intent.
- Unscrupulous ad services: The further you stray from the mainstream web, the more likely you’ll encounter a website using a non-mainstream ad service that may not be as careful (or may even welcome bad actors).
- Email scams: Urgent-sounding emails pushing you to take action RIGHT NOW are a big red flag.
- Malicious SEO/GEO: Scammers are also trying to game the system of search engine optimization and now genAI engine optimization, getting their links into top search results and AI summaries. Like paid search, as soon as the big search and AI companies recognize something is a scam, they blacklist it. But it’s possible that in the exact moment you ask a question, a scammer has secured that top result and not gotten banned yet, leading you to a malicious destination.
As always, the best ways to stay safe are to educate your team, always operate with caution/skepticism, and work with a trusted IT partner that can help steer you toward legitimate options and protect you against scammy ones.
Looking for help like this? That’s what we’re here for! Reach out to our team today.