This operation is designed to harvest sensitive financial credentials by tricking users into believing they are resolving an erroneous charge.
By leveraging the trusted branding of a major security vendor, the attackers aim to bypass user skepticism and secure high-value payment data.
The scam operates through a fraudulent website that replicates the authentic Avast portal with alarming accuracy, utilizing official color schemes to establish legitimacy from the moment a victim arrives.
The attack vector relies heavily on psychological manipulation, confronting visitors with a fabricated transaction record displaying a debit of €499.99.
To manufacture immediate urgency, the site prominently displays a warning stating that cancellation requests must be filed within 72 hours, while simultaneously claiming that transactions older than 48 hours are irreversible.
This deliberate contradiction is often overlooked by panicked users who are focused on the substantial financial loss.
The fraudulent page further enhances its credibility by loading the official Avast logo directly from the vendor’s content delivery network, ensuring the visual elements render perfectly.
The fixed transaction amount is carefully chosen to be significant enough to provoke rapid action without seeming impossible for a software subscription.
Malwarebytes analysts identified that this campaign employs dynamic scripting to maximize its impact on every visitor.
The phishing page utilizes a specific line of JavaScript that reads the local system clock and automatically inserts the current date into the transaction record.
This ensures that whether a user accesses the site on a Tuesday or a Friday, the fraudulent charge appears to have occurred that very morning, heightening the shock value.
The campaign is expertly designed to ensnare a wide spectrum of potential victims, casting a broad net that includes actual Avast customers believing it is a billing error, and forgotten subscribers assuming an old account has renewed.
It also effectively targets alarmed non-customers who immediately fear identity theft upon seeing the charge.
Even opportunists looking to claim a refund they are not owed fall prey to the scheme, as the site does not require a login or license key, allowing anyone to proceed directly to the harvesting forms without authentication.
Technical Mechanics of Data Capture and Evasion
The technical infrastructure of this scam is built to validate and exfiltrate data efficiently while maintaining the illusion of a support interaction.
Once a victim submits their personal contact details, the site presents a modal dialog explicitly requesting full credit card information: the number, expiration date, and CVV code.
To ensure the utility of the stolen data, the attackers have implemented the Luhn algorithm within the page’s code.
This checksum validates the structural integrity of the entered card number in real time, rejecting typos and dummy numbers before the form can be submitted.
Only valid card formats are accepted, which are then bundled into a JSON object and transmitted via a POST request to a backend file named send.php.
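The page describes the scam running a Luhn check before bundling the card data into JSON and posting it to send.php. The same checksum is useful on the defensive side: an analyst sifting a captured POST body, proxy log or DLP sample can pick out the Luhn-valid digit runs that are worth treating as real card numbers and mask them before the sample is shared. The block below is an added example, not code from the fraudulent site or from the Malwarebytes write-up; the JSON body it inspects is constructed here to mirror the fields the article lists, and 4111111111111111 is a well-known test number that passes Luhn without belonging to anyone.

```python
import json
import re

# Luhn (mod 10) check over a string of digits. True means the check digit
# is consistent, i.e. the number is structurally plausible, not that the
# card exists or has funds.
def luhn_valid(number: str) -> bool:
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13 or len(digits) > 19:
        return False
    total = 0
    # Walk from the rightmost digit and double every second digit.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def mask(pan: str) -> str:
    """Keep the first six and last four digits, star out the middle."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_pans(text: str) -> list[str]:
    """Return the masked form of every Luhn-valid digit run in text."""
    found = []
    for m in PAN_RE.finditer(text):
        compact = re.sub(r"[ -]", "", m.group())
        if luhn_valid(compact):
            found.append(mask(compact))
    return found

def scrub(text: str) -> str:
    """Replace every Luhn-valid digit run in text with its masked form."""
    def repl(m):
        compact = re.sub(r"[ -]", "", m.group())
        return mask(compact) if luhn_valid(compact) else m.group()
    return PAN_RE.sub(repl, text)

# Constructed sample of the kind of JSON body the article describes being
# posted to send.php. The "typo" field fails Luhn and is left untouched.
SAMPLE_BODY = json.dumps({
    "name": "Jane Example",
    "email": "jane@example.invalid",
    "phone": "+1 555 0100",
    "card": "4111 1111 1111 1111",
    "exp": "12/27",
    "cvv": "123",
    "typo": "4111111111111112",
})

if __name__ == "__main__":
    print(find_pans(SAMPLE_BODY))
    print(scrub(SAMPLE_BODY))
```

Run on the constructed body, `find_pans` reports one masked number, `411111******1111`, and `scrub` returns the same JSON with only that field redacted; the typo variant and the phone number are not touched because they fail the length or checksum test.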
Distinctively, the site also embeds a live chat widget from Tawk.to, using account identifier 689773de2f0f7c192611b3bf, which lets the operators engage hesitant victims in real time.
This interactive element poses as a “support agent” to nudge them toward completion. Following the data theft, the user is redirected to a confirmation page, a final social engineering step aimed at getting the victim to remove the very security tools that might alert them to the ongoing fraud.
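The details reported above (a fixed €499.99 charge, the 72-hour and 48-hour deadlines that contradict each other, a script that stamps the current date into the transaction record, card fields, a POST to send.php and the Tawk.to widget with that account identifier) can be turned into a simple content-inspection rule for a URL scanner or sandbox. The block below is an added example, not code from the scam or from Malwarebytes. The HTML it scans is a constructed mock built only from the indicator strings, and the `embed.tawk.to/<id>/...` URL layout used in that mock is an assumption about how the widget is loaded.

```python
import re

# Each indicator is a list of lowercase regexes that must all match.
# The property id, send.php endpoint, amount and deadlines are the values
# the write-up reports; the embed.tawk.to URL layout is an assumption.
INDICATORS = {
    "tawk_widget": [r"embed\.tawk\.to/689773de2f0f7c192611b3bf"],
    "send_php_endpoint": [r"\bsend\.php\b"],
    "client_side_date": [r"new\s+date\s*\("],
    "fixed_amount_499_99": [r"499[.,]99"],
    "contradictory_deadlines": [r"\b72\s*hours\b", r"\b48\s*hours\b"],
    "card_fields": [r"\bcvv\b|\bcvc\b", r"expir"],
    "vendor_brand": [r"\bavast\b"],
}

def match_indicators(html: str) -> dict[str, bool]:
    """Evaluate every indicator against the page source (case-insensitive)."""
    lowered = html.lower()
    return {
        name: all(re.search(p, lowered) for p in pats)
        for name, pats in INDICATORS.items()
    }

def is_refund_scam_candidate(html: str, min_hits: int = 4) -> bool:
    """Card-entry fields are the gate; require min_hits indicators in total."""
    hits = match_indicators(html)
    return hits["card_fields"] and sum(hits.values()) >= min_hits

# Constructed mock page containing only the indicator strings; it is not
# the live site and does nothing if opened.
SAMPLE_HTML = """<!-- constructed sample, not the real page -->
<html><head><title>Avast Refund Center</title></head><body>
<p>A charge of €499.99 was debited on <span id="txdate"></span>.</p>
<p>Cancellation requests must be filed within 72 hours.
Transactions older than 48 hours are irreversible.</p>
<form id="card"><input name="number"><input name="expiry"><input name="cvv"></form>
<script>document.getElementById("txdate").textContent = new Date().toLocaleDateString();</script>
<script>fetch("send.php", {method: "POST", body: JSON.stringify({})});</script>
<script src="https://embed.tawk.to/689773de2f0f7c192611b3bf/default"></script>
</body></html>"""

# Constructed benign page: mentions the brand and uses new Date(), but
# asks for no card data and has no exfiltration endpoint.
BENIGN_HTML = """<html><body><h1>Avast community forum</h1>
<script>document.title = new Date().getFullYear() + " archive";</script>
</body></html>"""

if __name__ == "__main__":
    for name, hit in match_indicators(SAMPLE_HTML).items():
        print(f"{name:24} {'HIT' if hit else '-'}")
    print("candidate:", is_refund_scam_candidate(SAMPLE_HTML))
    print("benign candidate:", is_refund_scam_candidate(BENIGN_HTML))
```

All seven indicators fire on the mock and none of the card-related ones on the benign page, so only the mock is flagged. The card-field gate matters: the brand name and a `new Date()` call appear on plenty of legitimate pages, and counting them alone would generate noise.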
To defend against such pervasive threats, users must recognize the warning signs of refund fraud. Legitimate vendors will never ask for a full credit card number and security code to process a refund, as they already possess the necessary transaction data.
If you encounter a suspicious charge, navigate directly to the company’s official website rather than clicking links in unsolicited messages.
For those who may have entered their details, it is critical to contact your bank immediately to cancel the compromised card and dispute any pending charges.
It is also advisable to change passwords for any accounts associated with the email address provided to the scammers, as this data creates a risk of future account takeovers.
If unsure, you can also submit suspicious messages to detection tools like Scam Guard for review.
Finally, always keep your operating system and applications updated, and run a comprehensive scan with reputable security software to ensure no additional malware or remote access tools were introduced during the interaction.
The post Threat Actors Using Fake Avast Website to Harvest Users Credit Card Details appeared first on Cyber Security News.