VirusTotal showed which applications malware most often disguises itself as
Alexander Antipov
The Adobe Reader you installed may turn out to be a dangerous virus that steals your confidential data.
Attackers are increasingly imitating legitimate applications such as Skype, Adobe Reader, and VLC Player as a means of violating user trust and increasing the likelihood of a successful social engineering attack.
VirusTotal's analysis showed that cybercriminals most often disguise malware as the following legitimate applications:
- 7zip
- teamviewer
- ccleaner
- Microsoft Edge
- steam
- zoom
“One of the simplest social engineering tricks is to make a malware sample look like legitimate software. The icon is an important part to convince the victim that this program is original,” VirusTotal said in a report.
An attacker can also compromise a device by tricking the user into downloading and running a disguised executable file. In this case, the attacker hosts the file on real, legitimate domains to bypass IP-based firewall protection. The most commonly used domains:
- discordapp[.]com
- Squarespace[.]com
- amazonaws[.]com
- mediafire[.]com
- qq[.]com
In addition, the experts found at least 2.5 million suspicious files downloaded from 101 domains that belong to 1000 sites from the Alexa Top Websites list.
It is also common for hackers to sign malware with valid certificates stolen from other software vendors. More than a million malware samples have been observed since January 2021, of which 87% had legitimate certificates, according to VirusTotal.
Since January 2020, more than 1,800 disguised samples have packaged malware into installers for popular programs such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and Proton VPN.
Hackers can also include a legitimate installer as part of a malware sample, for example inside the portable executable's resource section. In this case, the installer is executed when the malware is launched to give the illusion that the software is working correctly.
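A defender's heuristic for the embedded-installer trick described above, as an added example that is not part of VirusTotal's report: scan a file for a second DOS/PE header pair past offset 0, which is how an installer stored in the resource section of a dropper shows up on disk. The minimal header stub built by make_fake_pe is constructed for the demo and is not a real executable.

```python
import struct

MZ = b"MZ"
PE_SIG = b"PE\x00\x00"


def looks_like_pe(data: bytes, off: int) -> bool:
    """True if data[off:] starts with a DOS header whose e_lfanew points at a PE signature."""
    if data[off:off + 2] != MZ or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    pe_off = off + e_lfanew
    # A real DOS header is at least 0x40 bytes, so e_lfanew below that is noise,
    # and the slice comparison fails safely if e_lfanew points past the buffer.
    return e_lfanew >= 0x40 and data[pe_off:pe_off + 4] == PE_SIG


def find_embedded_pe(data: bytes) -> list:
    """Return every offset after 0 where a second PE image begins inside the file.

    A hit means the outer executable carries another executable in its body
    (e.g. a legitimate installer kept as a resource), which deserves a closer look.
    """
    hits = []
    pos = data.find(MZ, 1)
    while pos != -1:
        if looks_like_pe(data, pos):
            hits.append(pos)
        pos = data.find(MZ, pos + 1)
    return hits


def make_fake_pe(payload: bytes = b"") -> bytes:
    """Constructed minimal DOS+PE header stub for the demo (not a runnable binary)."""
    hdr = bytearray(0x40)
    hdr[0:2] = MZ
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> right after the DOS header
    return bytes(hdr) + PE_SIG + b"\x00" * 20 + payload


if __name__ == "__main__":
    # Constructed "dropper": outer stub, 200 bytes of padding, then a second stub
    # standing in for the bundled legitimate installer.
    dropper = make_fake_pe(b"\x00" * 200 + make_fake_pe(b"real-installer-bytes"))
    print("embedded PE images at offsets:", find_embedded_pe(dropper))
```

Run against a real sample, the offsets can be fed to a PE parser to check whether they fall inside the resource section.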