The Most Popular Software You Are Surely Using Is Also the Most Impersonated Software in Malware Attacks | Ron Benvenisti

An analysis from VirusTotal has revealed applications like Skype, Adobe Reader, 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, WhatsApp, Telegram and VLC Player have become the most impersonated software to increase the likelihood of a successful social engineering attack.

“One of the simplest social engineering tricks we’ve seen involves making a malware sample seem a legitimate program,” VirusTotal said in a Tuesday report. “The icon of these programs is a critical feature used to convince victims that these programs are legitimate.”

Compromising legitimate endpoints by tricking users into downloading and running seemingly innocuous executables is becoming more and more widespread.


How Is It Done:

Attackers take advantage of genuine domains to get around IP-based firewall defenses, hosting their files on some of the most abused domains, such as discordapp[.]com, squarespace[.]com, amazonaws[.]com, mediafire[.]com and qq[.]com, whose servers also host popular legitimate apps.

As an example, no fewer than 2.5 million suspicious files downloaded from 101 domains belonging to Alexa’s top 1,000 websites have been detected.

Discord (discordapp[.]com) is a notable case: the platform’s content delivery network (CDN) has become a fertile ground for hosting malware, and together with Telegram it also offers a “perfect communications hub for attackers.”


Stolen Security Certificates

Malware can carry valid code-signing certificates stolen from other software makers. The malware scanning service said it had found more than one million malicious samples since January 2021, 87% of which had a legitimate signature when they were first uploaded to its database.


Counterfeit Installers

VirusTotal said it also uncovered 1,816 samples since January 2020 that masqueraded as legitimate software by packaging the malware in installers for other popular software such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and Proton VPN.


Legitimate Installers

Attackers break into a legitimate software vendor’s update server or gain unauthorized access to its source code, which lets them slip malicious code into the product itself and wreak havoc on the software supply chain.

Legitimate application installers are also packed into compressed archives together with the malware files. In one such case, an archive containing the legitimate Proton VPN installer also carried malware that installs ransomware.

A third, more sophisticated method embeds the legitimate installer inside the malicious sample, so that the real installer is also executed when the malware runs, giving the illusion that the software is working as intended.
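The bundling and tampering techniques described in this section share one lesson for defenders: seeing the genuine installer run proves nothing, because the attacker may have shipped it on purpose. The check that holds up is to hash the downloaded installer against the digest the vendor publishes and to refuse any archive that carries runnable content the vendor never listed. The following Python script is an added example written for this article, not code from VirusTotal or from any vendor named above; the installer bytes, the archive contents and the allowlist hash it uses are all constructed stand-ins, and a real deployment would take the expected hash from the vendor's download page rather than computing it locally as the demo does.

```python
import hashlib
import io
import zipfile

# Extensions that should not appear in a vendor archive unless the vendor lists them.
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs")

# Constructed stand-in for the bytes of a legitimate installer (not a real installer).
GOOD_INSTALLER = b"constructed stand-in for a legitimate installer"

# Constructed allowlist: member name -> SHA-256 the vendor is assumed to publish.
# Computed here only so the demo is self-contained; in practice this comes from the vendor.
EXPECTED_FILES = {
    "ProtonVPN_setup.exe": hashlib.sha256(GOOD_INSTALLER).hexdigest(),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_archive(zip_bytes: bytes, expected: dict) -> dict:
    """Classify every member of a downloaded archive and return an overall verdict.

    'verified'              name and hash match the vendor allowlist
    'tampered'              name matches but the hash does not (installer replaced)
    'unexpected_executable' runnable content the vendor never listed (bundled payload)
    'other'                 anything else, such as release notes or licences
    The archive is 'safe_to_run' only if every expected file is present and verified
    and nothing unexpected that can execute rides along with it.
    """
    members = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = sha256_hex(zf.read(info))
            name = info.filename
            if name in expected:
                members[name] = "verified" if digest == expected[name] else "tampered"
            elif name.lower().endswith(EXECUTABLE_SUFFIXES):
                members[name] = "unexpected_executable"
            else:
                members[name] = "other"
    missing = [name for name in expected if name not in members]
    safe = not missing and all(v in ("verified", "other") for v in members.values())
    return {"members": members, "missing": missing, "safe_to_run": safe}


def build_archive(files: dict) -> bytes:
    """Build a constructed in-memory zip archive for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample 1: a clean vendor archive, installer plus release notes.
CLEAN_ARCHIVE = build_archive({
    "ProtonVPN_setup.exe": GOOD_INSTALLER,
    "README.txt": b"Release notes",
})

# Constructed sample 2: the genuine installer is still present, so the product appears
# to work, but an extra executable has been packed alongside it.
BUNDLED_ARCHIVE = build_archive({
    "ProtonVPN_setup.exe": GOOD_INSTALLER,
    "README.txt": b"Release notes",
    "update.exe": b"constructed stand-in for a bundled payload",
})

# Constructed sample 3: the installer itself was swapped for a modified file.
TAMPERED_ARCHIVE = build_archive({
    "ProtonVPN_setup.exe": GOOD_INSTALLER + b" (modified)",
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_ARCHIVE),
                        ("bundled", BUNDLED_ARCHIVE),
                        ("tampered", TAMPERED_ARCHIVE)):
        print(label, audit_archive(blob, EXPECTED_FILES))
```

The verdict deliberately ignores icons, file names and whether the installer launches, which are exactly the signals the impersonation techniques above are designed to fake; only the published digest and the absence of unlisted executables count.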


“When thinking about these techniques as a whole, one could conclude that there are both opportunistic factors for the attackers to abuse (like the stolen certificates above) in the short and mid-term, and routinely (most likely) automated procedures where attackers aim to visually replicate applications in different ways,” the researchers said.

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].
