What is a fake antivirus? Rogue security software explained

A fake antivirus, also called “rogue security software” or “scareware,” is a type of malware designed to trick you into thinking that your device is infected.

At its core, fake antivirus software is a scam and its creators prey on users’ fears and ignorance. It operates by displaying false alerts and exaggerated threat reports. These alerts can be quite obviously (though not to everyone) fake and displayed as a banner in some shady website. But sometimes, they are meticulously crafted to mimic legitimate security warnings, making it challenging for the average user to distinguish between genuine and fake notifications.

The main goal of these alerts is to convince you that your device and data are at risk. Then, it prompts you to download some software or purchase the premium version of the software you already have. You are led to believe that only that particular antivirus app will be able to solve your problem.

Examples of fake antivirus software

Fake antivirus software names are specifically made to sound legitimate and familiar, often mimicking genuine antivirus software brands to instill trust. New software disguised as antivirus emerge constantly, but some variants have gained notoriety because of their widespread impact.

Here are some infamous examples:

• Antivirus 2009. It would display exaggerated threat reports, urging users to purchase the “full version” to remove non-existent malware.
• Security Tool. The generic name sounded trustworthy, but Security Tool would bombard users with fake security alerts, pushing them to buy its premium version.
• XP Antivirus. Despite its name suggesting compatibility with Windows XP, this XP Antivirus targeted people using various Windows versions. It would generate and display fake alerts about system vulnerabilities to scare the users.
• Mac Defender. It attacked Apple users, offering fake malware removal tools for macOS, proving that not only Windows users were targeted.

Today you are more likely to come across banners and pop-ups designed to look like a system notification, prompting you to click and get rid of the dangerous viruses that supposedly reside on your device. These are often designed to look like famous cybersecurity brands that offer antivirus software.

When you download a fake antivirus, one of two scenarios happens.

Money-grabbing scam

If you end up with fake antivirus software on your device, you can expect it to constantly run unsolicited “scans” of your system. They will always be extremely quick and, without a doubt, report back to you with multiple threats and vulnerabilities found on your device. Needless to say, these are all completely made up.

It will then use scare tactics (some may even issue alarming and annoying audio alerts) to get you to do whatever the software asks you to. The creators of this type of software are betting that in your panic, you will follow the instructions without questioning them. This method is a form of cyber extortion.

Some fake antiviruses may urge you to buy the full/premium version. Others will claim you need to get a “virus removal license” every time a new threat on your device is reported. And if you cave in once, it’s likely those threats will appear on your device regularly.

Real malware

If you clicked on a flashy banner stating in all caps that your device is infected and you downloaded and installed some antivirus software, chances are, you got malware instead.

It’s likely that, at first, it will prompt you to buy the service and simply steal your money and credit card information. However, most malware disguised as antivirus software will continue to wreak havoc on your device.

It may block your access to genuine security software, collect and steal your data (usernames, passwords, and financial details), install spyware and other malicious software, and continue to be a constant nuisance, even reinstalling itself after deletion.

Creators of fake antivirus software use a mix of techniques and user manipulation to distribute their malware. Here are some common methods:

• Malvertising. Cybercriminals often use malicious ads to spread rogue antiviruses. Clicking on these ads can redirect users to compromised websites or start downloading the software directly.
• Phishing campaigns. Fake emails that appear to be from legitimate sources might contain links or attachments that lead you to install a fake antivirus. These messages often use scare tactics, like warning you about a breached account, to lure you into clicking.
• Bundled software. Sometimes, fake antiviruses come bundled with other software, especially free or pirated versions. Users might think they’re downloading a legitimate app, only to find out they’ve also installed malware in the shape of a fake antivirus.
• Fake alerts. Virus warning pop-ups informing users that their computer is infected (when it’s not) can trick them into downloading a fake antivirus. These alerts often appear genuine, mimicking real system or browser warnings with their wording and design.
• Fake online scanners. There are websites that claim to offer free online virus scans. However, instead of scanning your computer, these sites push fake antivirus downloads under the guise of deleting the detected threats.
• Social engineering. Cybercriminals might pose as tech support, reaching out via phone or email, convincing you to install their recommended antivirus solution.

Rogue antiviruses can be quite deceptive, but there are telltale signs that can help you identify them:

1. If an antivirus program starts scanning your computer without asking for user permission and displays alarming results, it’s a red flag.
2. Rogue antiviruses often display an unusually high number of threats right off the bat. If you’ve been using your device safely and suddenly see a barrage of infection warnings, be skeptical.
3. Constant pop-up alerts, especially those urging you to buy something immediately, are a hallmark of fake antivirus software.
4. If the antivirus software’s interface looks amateur, has typos, or tries to poorly replicate the look of well-known antivirus solutions, it might be a fake.
5. If you find that certain websites of known cybersecurity tool developers are suddenly inaccessible, it could be the rogue antivirus trying to prevent its removal by hijacking your browser.
6. Sudden system slowdowns, unexpected crashes, or unknown icons on your desktop usually indicate you have malicious software on your device, including a fake antivirus.
7. Fake antiviruses often resist standard deletion methods. If a program is particularly challenging to remove or keeps reappearing, it’s a sign it’s malicious.

Removing a fake antivirus can be a challenging endeavor, especially since they are designed to resist standard removal methods. But it’s not impossible if you employ a systematic approach.

Start by disconnecting your computer from the internet to prevent the malware from communicating with its servers and boot into Safe Mode to limit the fake software’s ability to operate.

Once in Safe Mode, navigate to the Control Panel, find the list of installed programs, and delete the fake antivirus together with any other unfamiliar or suspicious software. After you’re done uninstalling, it’s a good idea to clear your temporary files as well.

Next, it’s crucial to ensure that all traces of the rogue antivirus are gone. So run a full system scan using a reputable antivirus or antimalware tool and delete any malicious files they find.

Next, it’s crucial to ensure that all traces of the rogue antivirus are gone. So run a full system scan using a reputable antivirus or antimalware tool and delete any malicious files they find.

See our step-by-step guide for more detailed instructions on how to delete malware.

Being vigilant and having good online habits are the best ways to reduce the risk of getting malware on your device in the future. Here are some other strategies to keep in mind:

• Always download software, especially security tools, from reputable sources or official developer websites. Avoid installing anything you got from third-party sites, through pop-up ads, or unsolicited email links.
• Cybercriminals often exploit known vulnerabilities in outdated software, so keep your operating system, browsers, and apps updated — and pay special attention to updating your antivirus software.
• Familiarize yourself with the best and legitimate antivirus solutions available. Knowing what legitimate software looks like can help you spot imposters.
• Be wary of phishing and avoid clicking on links or downloading attachments from unknown emails, messages, or pop-ups.
• Be skeptical of free offers — cybercriminals often lure victims with the promise of free security scans or tools, but you will be paying for them one way or the other.
• Use Threat Protection — it will restrict your access to known malicious websites, block dangerous ads, and scan your downloading files for malware. Remember, prevention is the best protection, so you should also consider employing firewalls for maximum protection.