Cybercriminals Use Fake Tech Support to Spread Malware
A widespread and evolving online threat is targeting everyday technology users. Cybercriminals are creating sophisticated scams that impersonate legitimate tech support, software updates, and popular applications to trick people into installing malicious software, or malware, on their devices.
The scams exploit common user concerns. One campaign uses fake AI chatbot websites that provide step-by-step guides, ending with an instruction to run a malicious command on a Mac computer [39983]. Another, called "ClickFix," disguises itself as a critical Windows update, hiding harmful code inside a normal-looking image file to evade detection [25602]. On mobile devices, fake applications posing as popular AI tools or Virtual Private Networks (VPNs) are being used to deliver malware that steals personal data [9870][10971][4151].
The techniques are not limited to fake software. A scam on the social media platform TikTok uses tutorial videos that instruct viewers to run harmful commands, which secretly install a password-stealing program [5999]. Even a simple typing error can lead to danger, as over 90% of unused "parked" web domains now automatically redirect to malicious sites hosting scams and malware [35524].
Once installed, this malware can have severe consequences. It is designed to steal sensitive information like banking logins and saved passwords, sometimes even capturing data from encrypted messaging apps [34087]. In some cases, it can give attackers remote control over the infected device [34087].
Security experts universally advise a cautious approach online. They recommend downloading software and updates only from official sources and company websites, not from pop-up ads or links in unsolicited messages [25602][39983]. For mobile apps, users should verify the developer, check reviews, and stick to official app stores [9870][34087]. To avoid phishing attempts, such as fake "cloud storage full" alerts, users should never click links in unexpected messages and should instead log into services directly through their official websites or apps [10516].
The consistent theme across these reports is that attackers adapt to user behavior, weaponizing trust in technology brands and the desire for quick solutions to compromise personal security.