Beware fake AutoCAD, SketchUp sites dropping malware

Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer legitimate software for download, Kaspersky researchers have warned.

Malicious websites (Source: Kaspersky)

The list of impersonated software includes:

• UltraViewer (remote desktop software)
• AutoCAD (2D and 3D computer-aided design software app)
• SketchUp (3D modeling software)
• Ableton (music production software)
• Quicken (personal finance app)

“To protect against these attacks, users are advised to remain vigilant and avoid downloading pirated software, which may represent a serious threat,” they noted.

“Organizations should establish robust security policies prohibiting software downloads from dubious sources like pirated websites and torrents. Additionally, regular security awareness training is essential for ensuring a proper level of employee vigilance.”

The researchers have released indicators of compromise associated with these malware delivery campaign.