Fake Avast Phishing Site Steals Credit Card Data in Sophisticated Scam
Cybercriminals have deployed a highly convincing phishing campaign targeting French-speaking users by impersonating Avast’s official website. The fraudulent page, nearly indistinguishable from the legitimate site, displays a fake €499.99 charge for an Avast product, complete with dynamic timestamps that update to match the visitor’s system time. The scam employs psychological pressure, claiming users have only 72 hours to cancel while simultaneously stating transactions older than 48 hours cannot be reversed.
The site’s "refund form" harvests sensitive data, including full names, addresses, and credit card details (number, expiry, and CVV). To appear authentic, it validates card numbers using the Luhn algorithm before transmitting stolen information to the attackers’ server via a send.php script. After submission, victims see a deceptive confirmation message and a prompt to "uninstall Avast," further eroding security defenses.
Adding to the deception, the site includes a live chat widget (Tawk.to ID: 689773de2f0f7c192611b3bf), allowing operators to interact with victims in real time, guiding them through the fraudulent process. The scheme targets multiple victim profiles legitimate Avast customers, confused users, and opportunists without requiring account verification or license keys.
The campaign was identified by Malwarebytes, highlighting the risks of phishing tactics that exploit trusted brands and urgent financial alerts. No actual charges occur; the goal is solely to extract payment details under the guise of a refund.
Source: https://gbhackers.com/fake-avast-website/
Avast TPRM report: https://www.rankiteo.com/company/avast
"id": "ava1772015041",
"linkid": "avast",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'French-speaking users, '
'legitimate Avast customers, '
'confused users, and '
'opportunists',
'industry': 'Cybersecurity',
'name': 'Avast',
'type': 'Company'}],
'attack_vector': 'Fraudulent website impersonation',
'data_breach': {'data_exfiltration': 'Yes (via *send.php* script)',
'personally_identifiable_information': 'Full names, '
'addresses, credit '
'card details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Payment information, personally '
'identifiable information'},
'description': 'Cybercriminals deployed a highly convincing phishing campaign '
'targeting French-speaking users by impersonating Avast’s '
'official website. The fraudulent page displayed a fake '
'€499.99 charge for an Avast product, complete with dynamic '
'timestamps that updated to match the visitor’s system time. '
'The scam employed psychological pressure, claiming users had '
'only 72 hours to cancel while stating transactions older than '
"48 hours could not be reversed. The site’s 'refund form' "
'harvested sensitive data, including full names, addresses, '
'and credit card details (number, expiry, and CVV). The site '
'validated card numbers using the Luhn algorithm before '
'transmitting stolen information to the attackers’ server via '
'a *send.php* script. After submission, victims saw a '
"deceptive confirmation message and a prompt to 'uninstall "
"Avast.' The site included a live chat widget (Tawk.to ID: "
'*689773de2f0f7c192611b3bf*) for real-time interaction with '
'victims.',
'impact': {'brand_reputation_impact': 'Erosion of trust in Avast brand',
'data_compromised': 'Credit card details (number, expiry, CVV), '
'full names, addresses',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Fraudulent website'},
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Exploitation of brand trust, '
'psychological pressure tactics, '
'lack of user verification'},
'references': [{'source': 'Malwarebytes'}],
'threat_actor': 'Cybercriminals',
'title': 'Fake Avast Phishing Site Steals Credit Card Data in Sophisticated '
'Scam',
'type': 'Phishing'}