Fake Windows Defender Alerts Weaponized to Perform Fraudulent Transactions

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing
A new ongoing malicious tech support scam has been identified recently that involves the development of several phishing websites that are being operated by the Threat Actor.

All of these phishing sites display a fake Windows Defender alert and, in order to make the scenario appear more legitimate, they pretend to be Microsoft support sites.

Since September 2022, more than 50 phishing websites have been discovered. While the following IP address has been identified to be associated with these websites and this address has been found to be located in India:-

  • 68.178.145[.]199

Moreover, as a result of an analysis of tech support scams, security researchers have been able to find out that 85% of IPs that are used by threat actors to commit frauds like this originate from India.

The fake website window also plays an audio message that says “important security message” until the user closes the website with the intention of stopping it.

Upon opening the URL, a pop-up is displayed that states “Quick Scan” and then a fake scan appears, stating that threats have been detected on the user’s computer.

Upon doing that, it displays a fake Threat Scan result with a number of key details, as follows:-

  • Detection name
  • Type of malware
  • Object type
  • Location

The site then informs the victims of the presence of Trojan spyware on their computers, and they can take action accordingly. There was also a compromise of sensitive data involved in this incident.

In this fake sensitive data compromise alert the site claims that the following data are compromised:-

  • Email credentials
  • Banking passwords
  • Facebook login
  • Pictures
  • Documents

Next, the scammers show a “Windows Defender Security Center” pop-up to the victim in which they ask to call a support technician by dialing the number provided in the pop-up window.

Apart from this, it has also been identified that the operators of these tech support scams are also targeting iPhone devices.


Listed below are some of the most important security practices that will help you to create the first layer of defense against such scams and scammers:-

  • Make sure the automatic software update feature is turned on in your system.
  • Keep an eye on your financial transactions on a regular basis.
  • Make sure that you use a reputable antivirus program to keep your computer protected.
  • Make sure that you don’t open any links or attachments that are not trustworthy.