Cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years. But, for the most part, the scareware program itself remains the same. The development continues to change and progress, all for the purpose of evading anti-malware solutions and helping coerce the end-user to pay for the fake product, including support/rootkit components like TDSS or the more recent Black Internet (also known as Trojan-Clicker.Cycler)”]
Source: https://securelist.com/understanding-current-trends-in-the-fake-anti-virusscareware-ecosystem/29741/