Fake antivirus software spreading malware attack

A new malware campaign targeting organizations in Taiwan is using fake security software to spread LucidRook, a highly sophisticated threat. Researchers from Cisco Talos found that the attackers disguise the malware as trusted antivirus software and deliver it through spear-phishing emails carrying malicious links and password-protected files, a common way of keeping mail-gateway scanners from inspecting the payload before the user opens it.


The attack primarily targets NGOs and universities, using convincing decoy documents such as official government letters to gain the recipient's trust. Once executed, the malware abuses legitimate Windows processes and DLL hijacking (placing a malicious DLL where a trusted executable will load it in place of the real library) to install itself silently, collect sensitive system data, and establish persistence while avoiding detection. A companion tool, LucidNight, is used for reconnaissance before the full LucidRook payload is deployed.


Security experts warn that this targeted campaign highlights advanced threat tactics that combine social engineering with technical evasion. Organizations should strengthen email security (including how password-protected attachments are handled), monitor for suspicious process and DLL-load behavior on endpoints, and secure exposed servers to prevent data theft and unauthorized access.
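
The DLL hijacking mentioned above and the advice to monitor for suspicious system behavior come together in the following added example, which is not code from Cisco Talos, from the campaign, or from this page. It runs a small side-loading heuristic over image-load records shaped like Sysmon Event ID 7 (Image Loaded): a known system DLL resolving outside the Windows system directories, and an executable and DLL sitting together in a user-writable folder, are the two halves of the classic hijack layout. The records are constructed sample data, and the directory and DLL lists are assumptions to be tuned against your own baseline.

```python
"""Heuristic check for DLL search-order hijacking (side-loading) over
image-load telemetry.

Added example, not code from Cisco Talos or from the NPAV page. A
side-loading chain plants a DLL named like a library that a trusted
executable loads by bare name, in a directory Windows searches before the
real one (normally the executable's own directory), so the trusted process
runs the attacker's code. Field names follow Sysmon Event ID 7; the records
below are constructed sample data, and the DLL and directory lists are
assumptions to tune against your own environment.
"""

# Where Windows keeps the real system DLLs (assumed default 64-bit install).
SYSTEM_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS")

# Locations an unprivileged user can write to; an EXE and a "system" DLL
# sitting together here is the classic side-loading layout.
USER_WRITABLE = (r"C:\Users", r"C:\ProgramData", r"C:\Windows\Temp")

# DLLs that many signed executables import by bare name and that are
# therefore frequent hijack targets. Assumed list for this example.
KNOWN_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll",
                     "userenv.dll", "cryptbase.dll", "dwmapi.dll"}


def _norm(path):
    """Lower-case and normalise separators so comparisons are case-insensitive."""
    return path.replace("/", "\\").lower()


def _split(path):
    """Return (directory, filename), both lower-cased."""
    head, _, tail = _norm(path).rpartition("\\")
    return head, tail


def _under(path, roots):
    """True if path lies inside any of the given root directories."""
    n = _norm(path)
    return any(n == r.lower() or n.startswith(r.lower() + "\\") for r in roots)


def assess(record):
    """Return the reasons a load looks like side-loading (empty list = nothing seen)."""
    exe_dir, _ = _split(record["Image"])
    dll_dir, dll_name = _split(record["ImageLoaded"])
    reasons = []
    if dll_name in KNOWN_SYSTEM_DLLS and not _under(record["ImageLoaded"], SYSTEM_DIRS):
        reasons.append(f"{dll_name} resolved outside the system directories")
    if dll_dir == exe_dir and _under(record["ImageLoaded"], USER_WRITABLE):
        reasons.append("DLL loaded from the executable's own directory under a user-writable path")
    if reasons and record.get("Signed", "").lower() == "false":
        reasons.append("and the DLL is unsigned")
    return reasons


def scan(records):
    """Return [(record, severity, reasons)] for every record that triggers a check.

    Two or more reasons means the load matches the full side-loading pattern.
    A single reason is usually a legitimate application shipping its own copy
    of a system DLL and should be baselined rather than alerted on.
    """
    hits = []
    for rec in records:
        reasons = assess(rec)
        if reasons:
            hits.append((rec, "high" if len(reasons) >= 2 else "low", reasons))
    return hits


# Constructed sample records (not real telemetry, not from the Talos report).
SAMPLE_RECORDS = [
    # Normal system load: nothing to flag.
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    # A "security tool" dropped from a mail attachment, side-loading version.dll.
    {"Image": r"C:\Users\alice\Downloads\AV-Setup\avscan.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\AV-Setup\version.dll", "Signed": "false"},
    # Vendor application loading its own, non-system library: nothing to flag.
    {"Image": r"C:\Program Files\Foo\foo.exe",
     "ImageLoaded": r"C:\Program Files\Foo\foolib.dll", "Signed": "true"},
    # Legitimate debugger shipping a signed copy of dbghelp.dll: low, baseline it.
    {"Image": r"C:\Program Files\Debugger\dbg.exe",
     "ImageLoaded": r"C:\Program Files\Debugger\dbghelp.dll", "Signed": "true"},
    # Persistence-style layout under ProgramData.
    {"Image": r"C:\ProgramData\Updater\update.exe",
     "ImageLoaded": r"C:\ProgramData\Updater\wtsapi32.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for rec, severity, reasons in scan(SAMPLE_RECORDS):
        print(f"[{severity}] {rec['Image']} -> {rec['ImageLoaded']}: " + "; ".join(reasons))
```

The low-severity hit on the debugger record is deliberate: plenty of legitimate software ships redistributable copies of system DLLs beside its executable, so the "known DLL outside System32" check alone is noisy and belongs in a baseline, while the combination with a user-writable directory and an unsigned DLL is what merits an alert.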


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net