What is a fake antivirus? Rogue security software explained

What is a fake antivirus?

A fake antivirus, also called “rogue security software,” “scareware,” or “FakeAV,” is a type of malware designed to look like legitimate security software or an antivirus and trick you into thinking that your device has been infected.

At its core, fake antivirus software is a scam, and its creators prey on users’ fears and ignorance. It operates by displaying false alerts and exaggerated threat reports. These alerts may be obviously (though perhaps not to everyone) fake and displayed as a banner on some shady website. But sometimes they are meticulously crafted to mimic legitimate security warnings, making it challenging for the average user to distinguish between genuine and fake notifications.

The main goal of these alerts is to convince you that your device and data are at risk. Then it prompts you to download some software or purchase the premium version of the software you already have. You are led to believe that only that particular antivirus app will be able to get rid of the supposed infection.

How can a fake antivirus end up on my computer?

Creators of cyberthreats, including fake antivirus software, use a mix of techniques and user manipulation to distribute their malware. Some common methods include:

• Malvertising. Cybercriminals often use malicious ads to spread rogue antiviruses. Clicking on these ads can redirect you to compromised websites or initiate a direct software download.
• Phishing campaigns. Fake emails that appear to be from legitimate sources might contain links or attachments that lead you to install a fake antivirus. These messages often use scare tactics, like warning you about a breached account, to lure you into clicking.
• Bundled software. Sometimes, fake antiviruses come bundled with other software, especially free or pirated versions. You might think you’re downloading a legitimate app, only to find out you’ve also installed malware in the shape of a fake antivirus.
• Fake alerts. Virus warning pop-ups informing you that your computer is infected (when it’s not) can trick you into downloading a fake antivirus. These alerts often appear genuine, mimicking real system or browser warnings with their wording and design.
• Fake online scanners. Some websites claim to offer free online virus scans. However, instead of scanning your computer, these sites push fake antivirus downloads under the guise of deleting the detected threats.
• Social engineering. Cybercriminals might pose as tech support, reaching out via phone or email, convincing you to install their recommended antivirus solution.

How to detect a fake antivirus

Rogue antiviruses can be deceptive, but these telltale signs can help you identify them:

1. Unsolicited scans and alarming results. If an antivirus program starts scanning your computer without asking for user permission and displays alarming results, it’s a red flag.
2. Exaggerated threats. A rogue antivirus program will often display an unusually high number of threats right off the bat. If you’ve been using your device safely and suddenly see a barrage of infection warnings, be skeptical.
3. Persistent pop-ups. Constant pop-up alerts, especially those urging you to buy something immediately, are a hallmark of a fake antivirus program.
4. Urgency. Fake antivirus alerts typically aim to frighten you into thinking you must react instantly to avoid negative consequences. Scammers often use excessive exclamation marks and capital letters to heighten the sense of urgency.
5. Requests for money. If the virus alert asks for a payment, it’s probably fake antivirus software. Do not provide your payment details to any unknown websites.
6. A poorly designed interface. If the antivirus software’s interface looks amateur, has typos, or tries to poorly replicate the look of well-known antivirus solutions, it might be a fake.
7. Blocked access to trusted websites. If you find that certain websites of known cybersecurity tool developers are suddenly inaccessible, it could be the fake antivirus trying to prevent its removal by hijacking your browser, which genuine security software would never do.
8. Unexpected system behavior. Sudden system slowdowns, unexpected crashes, freezes, or unknown icons on your desktop usually indicate you have malicious software on your device, including a fake antivirus. This malicious software may include animations that mimic a computer crash, a tactic used to convince you that your device is infected.
9. Difficult to uninstall. Fake antiviruses often resist standard deletion methods. If a program is particularly challenging to remove or keeps reappearing, it’s a sign it’s malicious.

Examples of fake antivirus software

Fake antivirus software names are specifically made to sound legitimate and familiar, often mimicking genuine antivirus software brands to instill trust. New software disguised as antivirus software emerges constantly, but some variants have gained notoriety because of their widespread impact.

Antivirus 2009

Antivirus 2009 displayed exaggerated threat reports, urging users to purchase the “full version” to remove non-existent malware.

Security Tool

The generic name sounded trustworthy, but Security Tool bombarded users with fake security alerts, pushing them to buy its “premium version.”

XP Antivirus

Despite its name suggesting compatibility with Windows XP, this XP Antivirus targeted people using various Windows versions. It would generate and display fake alerts about system vulnerabilities to scare the users.

Mac Defender

Mac Defender attacked Apple users, offering fake malware removal tools for macOS, proving that Mac users were also a target.

Today you are more likely to come across banners and pop-ups designed to look like a system notification, prompting you to click and get rid of the dangerous viruses that supposedly reside on your device. Cybercriminals often design these to look like famous cybersecurity brands that offer antivirus software. Some of the more recent versions of rogue software include TotalAV (fake version), PC Protector Plus, and Advanced Mac Cleaner.

TotalAV (fake version)

A counterfeit version of TotalAV uses the name of a legitimate antivirus. This fake version shows fabricated security scans with severe threats, prompting users to purchase a “protection plan” to fix nonexistent problems.

PC Protector Plus

Rogue PC Protector Plus software imitates legitimate security solutions, bombarding users with constant pop-up warnings and fake malware detections. It aggressively pushes users to buy a premium version, claiming it’s the only way to clean the system.

Advanced Mac Cleaner

Despite targeting Mac users, Advanced Mac Cleaner often comes bundled with other free software downloads. Once installed, it displays numerous fake threats and urges users to buy the full version to “clean” the device.

How to remove fake antivirus software

Removing a fake antivirus can be challenging, especially since they are designed to resist standard removal methods. But it’s not impossible if you employ a systematic approach.

1. Start by disconnecting your computer from the internet to prevent the malware from communicating with its servers.
2. Then, boot into safe mode to limit the fake software’s ability to operate.
3. Once in safe mode, navigate to the Control Panel, find the list of installed programs, and delete the fake antivirus alongside any other unfamiliar or suspicious software.
4. After you’re done uninstalling, it’s a good idea to clear your temporary files as well.
5. Next, it’s crucial to ensure that all traces of the rogue antivirus program are gone. So run a full system scan using a reputable antivirus or anti-malware tool and delete any malicious files they find.

See our step-by-step guide for more detailed instructions on how to delete malware.

How to avoid fake antivirus software

Being vigilant and having good online habits are the best ways to reduce the risk of getting malware on your device in the future. Here are some other strategies to keep in mind:

• Use reputable security software. Always download software, especially security tools, from reputable sources or official developer websites. Avoid installing software you sourced from third-party sites, through pop-up ads, or unsolicited email links.
• Use antivirus or anti-malware solutions. Using legitimate antivirus or anti-malware software improves your internet security and helps detect and block fake antivirus programs before they can deceive you with false alerts or malicious actions. For more on the topic, check out our article on antivirus vs anti-malware.
• Use Threat Protection Pro™. This cybersecurity solution will restrict your access to known malicious websites, block dangerous ads, and scan your downloading files for malware. Remember, prevention is the best protection, so you should also consider employing firewalls for maximum protection.
• Use a VPN. A VPN can provide some protection against fake antiviruses by securing your internet connection and helping prevent certain types of malicious pop-ups or phishing attacks that distribute fake antivirus software. For example, the top-tier NordVPN bundles come with the Threat Protection ProTM solution, and together they form a powerful defense against malicious websites, intrusive ads, and phishing attempts that often distribute fake antivirus software. For more on the VPN topic, see our article on VPN vs antivirus.
• Keep your software up to date. Cybercriminals often exploit known vulnerabilities in outdated software, so keep your operating system, browsers, and apps updated — and pay special attention to updating your antivirus software.
• Educate yourself. Familiarize yourself with legitimate and reputable antivirus solutions. Knowing what legitimate antivirus software looks like can help you spot imposters.
• Be cautious of phishing. Be wary of phishing and avoid clicking on links or downloading attachments from unknown emails, messages, or pop-ups.
• Avoid free offers. Be skeptical of free offers — cybercriminals often lure victims with the promise of free security scans or tools, but you will be paying for them one way or the other.
• Run regular security scans. Schedule consistent scans with your trusted antivirus software to catch potential threats early. Regular checks help ensure your system stays clean and secure.

If you educate yourself on security threats, use reliable cyber protection software, and maintain secure online habits, fake antivirus software has very little chance of sneaking in. Most importantly, trust your instincts. If something feels off or too good to be true — like an antivirus that promises “total protection” for free — it probably is.