
Kaspersky has uncovered that a Trojan-Downloader dubbed TookPS is being spread through malicious websites imitating popular remote access and 3D modeling software.
First observed by Kaspersky experts in early March, this Trojan infects users’ devices with backdoors, giving attackers stealthy, unauthorized access to the victim’s system.
Kaspersky Threat Research experts warn that users are being lured to fake websites that mimic official pages or falsely claim to offer free downloads of popular software such as UltraViewer, AutoCAD, and SketchUp, which are commonly used for both business and personal purposes.
However, when users click the ‘download’ buttons, they unknowingly get TookPS instead of the application they were looking for. The potential victims of this campaign could include both individuals and organizations.
[Figure: Examples of malicious websites capitalizing on legitimate software brands]
Once on the device, TookPS runs a series of scripts and technical processes that allow attackers to install a backdoor on the victim’s system, granting them hidden remote access and the ability to execute arbitrary commands.
Based on technical analysis of the malicious files, Kaspersky researchers also believe that there may be other lures — for example, those capitalizing on well-known software brands such as Ableton (used for music production) or Quicken (used for personal finance management).
“Earlier, we discovered several malicious campaigns that used DeepSeek’s brand as bait. One of the threats described was the TookPS.
As we now observe, it isn’t just pretending to be an AI tool; that was only the tip of the iceberg. This is a broader campaign, targeting both individuals and organizations, where malware is hidden under different guises to lure in as many potential victims as possible,” explains Vasily Kolesnikov, security expert at Kaspersky.
“To avoid falling victim to such attacks, we urge users to stay vigilant: always double-check links and websites, and avoid searching for pirated software online.”
Learn more in the technical report on Securelist.
Kaspersky shares the following recommendations to avoid general cyberthreats when surfing the internet: