A malware‑bait refund scam impersonating Avast has been reported by Malwarebytes as fooling French‑speaking users into providing full credit card details under the guise of processing a €499.99 refund that never existed, the article published on 24 February 2026 states. The fraudulent page mirrors Avast’s branding, uses a live chat widget, and claims the transaction is recent, with the amount fixed at -€499.99 while the date is generated on load.
It then asks for standard personal details before prompting for card information, including card number, expiry date and CVV, which is sent to a backend script after submission. The operation also features a confirmation page and a nudging message to uninstall Avast, using a convincing interface to drive urgency and distrust. According to Malwarebytes, the campaign can affect several visitor profiles and highlights the risks of lookalike domains, urgent deadlines, and live support to harvest payment data at scale.