Tuesday, April 22, 2025
HomeCyber Security NewsVirusTotal Reveals List of Most Mimicked Legitimate Apps in Malware Attacks

VirusTotal Reveals List of Most Mimicked Legitimate Apps in Malware Attacks

Published on

SIEM as a Service

Follow Us on Google News

The cybersecurity analysts at VirusTotal recently discovered that an increasing number of threats are being used to mask legitimate applications with fake versions.

In order to perpetrate social engineering attacks successfully, threat actors mimic the legit applications to achieve their goal.

Based on findings from VirusTotal, cybercriminals are able to exploit users’ trust by deploying a variety of methods to deceive them into downloading malicious applications.

- Advertisement - Google News

A popular method for delivering malware is to mimic legitimate applications to present them as legitimate ones. Using this technique, the victim is convinced to use the mimicked app after being persuaded of its authenticity by its icon.

This new malicious strategy is primarily designed to circumvent the barriers of security solutions. There has been an increase in the number of suspicious samples since 2021, according to reports.

Distributing Malware via Legitimate Domains

In addition to using social engineering techniques to hide malware, one of the most effective social engineering tactics is to pack the malware with legitimate software in order to disguise it as an installation package. 

When attackers gain access to the source code, server, or certificates for the official distribution, this will become a supply chain attack. VirusTotal has verified that all of the files submitted to them are from well-known legitimate domains. 

Over 5% of the antivirus applications that were tested detected 78 files as potentially malicious out of approximately 80,000 unique files.

A total of 10% of the top 1,000 domains according to Alexa had suspicious samples distributed across their websites. These domains were used to download more than 2 million shady files.

Apps Mimicked and Abused

Here below we have mentioned all the applications that are mimicked and abused by the threat actors:-

  • Skype (Mimicked 28%)
  • Adobe Reader (Mimicked 18.2%)
  • VLC Player (Mimicked 17.6%)
  • 7zip (Mimicked 11.5%)
  • TeamViewer (Mimicked 7.5%)
  • CCleaner (Mimicked 5.6%)
  • Microsoft Edge (Mimicked 2.5%)
  • Steam (Mimicked 2.3%)
  • Zoom (Mimicked 1.8%)
  • WhatsApp (Mimicked 0.8%)

Domains Used to Distribute Malware

Here below we have mentioned all the legit and top-ranking domains that are abused by the threat actors to distribute the malware:-

  • hxxps://cdn[.]discordapp[.]com
  • hxxp://aaaenterprises[.]co
  • hxxps://bit[.]ly
  • hxxps://updatebrowser[.]org
  • hxxps://anonymousfiles[.]io
  • hxxp://192.210.173[.]40
  • hxxps://uc1a9ed2ac0662c4ccfe1b1ab0b5.dl.dropboxusercontent[.]com
  • hxxp://192.227.158[.]110
  • hxxp://69.64.43[.]224
  • hxxp://103.249.34[.]183

There were 1,816 samples found through VirusTotal since January 2020 that were mimicking legit software, and the malware remained hidden in popular software installation packages such as the following:-

  • Zoom
  • Google Chrome
  • Proton VPN
  • Brave
  • Mozilla Firefox

To identify the methods malware uses to increase its effectiveness, it is essential to understand the techniques used to do so. By analyzing the data, future campaigns can be monitored and understood more actively.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Infostealer Attacks Surge 84% Weekly Through Phishing Emails

The volume of infostealer malware distributed through phishing emails has surged by 84% week-on-week...

North Korean IT Workers Use Real-Time Deepfakes to Infiltrate Organizations Through Remote Jobs

A division of Palo Alto Networks, have revealed a sophisticated scheme by North Korean...

New Phishing Technique Hides Weaponized HTML Files Within SVG Images

Cybersecurity experts have observed an alarming increase in the use of SVG (Scalable Vector...

Detecting And Blocking DNS Tunneling Techniques Using Network Analytics

DNS tunneling is a covert technique that cybercriminals use to bypass traditional network security...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Infostealer Attacks Surge 84% Weekly Through Phishing Emails

The volume of infostealer malware distributed through phishing emails has surged by 84% week-on-week...

North Korean IT Workers Use Real-Time Deepfakes to Infiltrate Organizations Through Remote Jobs

A division of Palo Alto Networks, have revealed a sophisticated scheme by North Korean...

New Phishing Technique Hides Weaponized HTML Files Within SVG Images

Cybersecurity experts have observed an alarming increase in the use of SVG (Scalable Vector...