Fake Bitdefender Site Spreads Password-Stealing Malware
Cybercriminals are tricking people into downloading malware by setting up a fake Bitdefender website that looks nearly identical to the real one. When users click the “Download for Windows” button, they unknowingly install VenomRAT, a tool that gives hackers remote access to their device and lets them steal passwords and other sensitive data.
The RAT’s “capabilities include remote access, stealing credentials, keylogging, exfiltration, and more,” according to DomainTools.
Researchers at DomainTools found that the malware bundle also includes two other tools, StormKitty and SilentTrinity, for a three-pronged attack:
“VenomRAT sneaks in, StormKitty grabs your passwords and digital wallet info, and SilentTrinity ensures the attacker can stay hidden and maintain control.”
“The implications of long-term access may include repeat compromise or selling access.”
Bitdefender said it found the fake site earlier in May and flagged it as malicious. It’s now working with partners like Cloudflare to take it down.
Because VenomRAT is sold on hacking forums, it’s hard to say who’s behind the attack. Bitdefender says its focus is on blocking these threats before they can cause harm.