Security News > 2022 > August > VirusTotal Reveals Most Impersonated Software in Malware Attacks
Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed.
"One of the simplest social engineering tricks we've seen involves making a malware sample seem a legitimate program," VirusTotal said in a Tuesday report.
Another oft-used technique is the practice of signing malware with valid certificates stolen from other software makers.
VirusTotal said it also uncovered 1,816 samples since January 2020 that masqueraded as legitimate software by packaging the malware in installers for other popular software such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and Proton VPN. Such a distribution method can also result in a supply chain when attackers manage to break into a legitimate software's update server or gain unauthorized access to the source code, making it possible to sneak the malware in the form of trojanized binaries.
Legitimate installers are being packed in compressed files along with malware-laced files, in one case including the legitimate Proton VPN installer and malware that installs the Jigsaw ransomware.
A third method, albeit more sophisticated, entails incorporating the legitimate installer as a portable executable resource into the malicious sample so that the installer is also executed when the malware is run so as to give an illusion that the software is working as intended.
News URL
https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html
Related news
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- New RomCom malware variant 'SnipBot' spotted in data theft attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)