This threat involves a malicious website that impersonates the Avast antivirus brand to deceive users into running a fake virus scan. The site falsely reports threats and prompts users to download a malicious file posing as a system cleaner. This file is part of the Venom Stealer malware family, which targets sensitive information including browser credentials, session cookies, and cryptocurrency wallets. The malware uses evasion techniques such as direct system calls and debugger detection to avoid security tools. Exfiltration of stolen data is conducted to a command-and-control server masked as an analytics service. The campaign exemplifies a scare-and-fix scam leveraging brand trust to distribute malware.

Successful infection results in theft of sensitive user data including browser credentials, session cookies, and cryptocurrency wallets. The malware's evasion techniques reduce the likelihood of detection by security software. Data exfiltration to a disguised command-and-control server enables attackers to collect stolen information for further malicious use. There are no known exploits in the wild beyond this campaign, and no direct patch or fix is applicable as this is a social engineering and malware distribution threat.

No official patch or fix is available since this is a social engineering attack involving a fake website and malware distribution. Users should be educated to avoid downloading software from untrusted or suspicious websites, especially those impersonating legitimate brands. Security teams should update endpoint protection solutions to detect Venom Stealer and monitor for indicators such as the hashes and domain 'app-metrics-cdn.com' associated with this campaign. Blocking access to known malicious domains and educating users about scare-and-fix scams are recommended mitigations.