Security researchers at Kaspersky have identified a malicious campaign involving a Trojan-Downloader known as TookPS, which is distributed through fraudulent websites masquerading as legitimate sources for popular software.
These fake sites offer free downloads of applications such as UltraViewer, AutoCAD, and SketchUp, tricking users into installing the Trojan instead.
Since its discovery in early March, TookPS has been found to infect both individuals and organizations, enabling attackers to gain unauthorized access to compromised systems.
Upon infection, TookPS executes scripts to install a backdoor, allowing attackers remote access and command execution capabilities.
Kaspersky warns that similar tactics may target other well-known software brands, such as Ableton and Quicken, to lure victims.
Vasily Kolesnikov, a Kaspersky security expert, emphasizes the broader scope of this campaign, noting that TookPS is not limited to impersonating AI tools but uses multiple disguises to maximize its reach. He advises users to remain cautious, verifying links and avoiding pirated software downloads.
To mitigate risks, Kaspersky recommends using modern security solutions like Kaspersky Next and Kaspersky Premium.
Users should also practice safe browsing by directly entering web addresses and verifying links before clicking. Organizations are encouraged to enforce strict security policies and conduct regular cybersecurity training.
