{"id":75880,"date":"2025-04-08T11:09:35","date_gmt":"2025-04-08T09:09:35","guid":{"rendered":"https:\/\/gulftech-news.com\/en\/?p=75880"},"modified":"2025-04-08T11:09:36","modified_gmt":"2025-04-08T09:09:36","slug":"kaspersky-finds-fake-sites-spreading-trojan-downloader-tookps-under-the-guise-of-popular-software","status":"publish","type":"post","link":"https:\/\/gulftech-news.com\/en\/2025\/04\/08\/kaspersky-finds-fake-sites-spreading-trojan-downloader-tookps-under-the-guise-of-popular-software\/","title":{"rendered":"Kaspersky finds fake sites spreading Trojan-Downloader TookPS under the guise of popular software"},"content":{"rendered":"\n

Kaspersky has uncovered that a Trojan-Downloader dubbed TookPS is being spread through malicious websites imitating popular remote access and 3D modeling software. First observed by Kaspersky experts in early March, this Trojan infects users\u2019 devices with backdoors, allowing for unauthorized stealth access to the victim\u2019s system.<\/strong><\/p>\n\n\n\n

Kaspersky Threat Research experts warn that users are being lured to fake websites that mimic official pages or falsely claim to offer free downloads of popular software, such as UltraViewer, AutoCAD, and SketchUp, commonly utilized both for business and personal purposes. <\/p>\n\n\n\n

However, when users click the \u2018download\u2019 buttons, they unknowingly get TookPS instead of the application they were looking for. The potential victims of this campaign could include both individuals and organizations.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Examples of malicious websites capitalizing on legitimate software brands<\/em><\/p>\n\n\n\n

Once on the device, TookPS runs a series of scripts and technical processes that allow attackers to install a backdoor on the victim\u2019s system, granting them hidden remote access and the ability to execute arbitrary commands.<\/p>\n\n\n\n

Based on technical analysis of the malicious files, Kaspersky researchers also believe that there may be other lures \u2014 for example, those capitalizing on well-known software brands such as Ableton (used for music production) or Quicken (used for personal finance management).<\/p>\n\n\n\n

\u201cEarlier, we discovered several malicious campaigns that used DeepSeek\u2019s brand as bait. One of the threats described was the TookPS. As we now observe, it isn\u2019t just pretending to be an AI tool, that was only the tip of the iceberg. This is a broader campaign, targeting both individuals and organizations, where malware is hidden under different guises to lure in as many potential victims as possible,\u201d explains Vasily Kolesnikov, security expert at Kaspersky. \u201cTo avoid falling victim to such attacks, we urge users to stay vigilant: always double-check links and websites, and avoid searching for pirated software online.\u201d<\/em><\/p>\n\n\n\n

Learn more in the technical report on Securelist<\/a>.<\/p>\n\n\n\n

Kaspersky shares the following recommendations to avoid general cyberthreats when surfing the internet:<\/p>\n\n\n\n