Thursday, March 28, 2024

VirusTotal Reveals List of Most Mimicked Legitimate Apps in Malware Attacks

The cybersecurity analysts at VirusTotal recently discovered that an increasing number of threats are being used to mask legitimate applications with fake versions.

In order to perpetrate social engineering attacks successfully, threat actors mimic the legit applications to achieve their goal.

Based on findings from VirusTotal, cybercriminals are able to exploit users’ trust by deploying a variety of methods to deceive them into downloading malicious applications.

A popular method for delivering malware is to mimic legitimate applications to present them as legitimate ones. Using this technique, the victim is convinced to use the mimicked app after being persuaded of its authenticity by its icon.

This new malicious strategy is primarily designed to circumvent the barriers of security solutions. There has been an increase in the number of suspicious samples since 2021, according to reports.

Distributing Malware via Legitimate Domains

In addition to using social engineering techniques to hide malware, one of the most effective social engineering tactics is to pack the malware with legitimate software in order to disguise it as an installation package. 

When attackers gain access to the source code, server, or certificates for the official distribution, this will become a supply chain attack. VirusTotal has verified that all of the files submitted to them are from well-known legitimate domains. 

Over 5% of the antivirus applications that were tested detected 78 files as potentially malicious out of approximately 80,000 unique files.

A total of 10% of the top 1,000 domains according to Alexa had suspicious samples distributed across their websites. These domains were used to download more than 2 million shady files.

Apps Mimicked and Abused

Here below we have mentioned all the applications that are mimicked and abused by the threat actors:-

  • Skype (Mimicked 28%)
  • Adobe Reader (Mimicked 18.2%)
  • VLC Player (Mimicked 17.6%)
  • 7zip (Mimicked 11.5%)
  • TeamViewer (Mimicked 7.5%)
  • CCleaner (Mimicked 5.6%)
  • Microsoft Edge (Mimicked 2.5%)
  • Steam (Mimicked 2.3%)
  • Zoom (Mimicked 1.8%)
  • WhatsApp (Mimicked 0.8%)

Domains Used to Distribute Malware

Here below we have mentioned all the legit and top-ranking domains that are abused by the threat actors to distribute the malware:-

  • hxxps://cdn[.]discordapp[.]com
  • hxxp://aaaenterprises[.]co
  • hxxps://bit[.]ly
  • hxxps://updatebrowser[.]org
  • hxxps://anonymousfiles[.]io
  • hxxp://192.210.173[.]40
  • hxxps://uc1a9ed2ac0662c4ccfe1b1ab0b5.dl.dropboxusercontent[.]com
  • hxxp://192.227.158[.]110
  • hxxp://69.64.43[.]224
  • hxxp://103.249.34[.]183

There were 1,816 samples found through VirusTotal since January 2020 that were mimicking legit software, and the malware remained hidden in popular software installation packages such as the following:-

  • Zoom
  • Google Chrome
  • Proton VPN
  • Brave
  • Mozilla Firefox

To identify the methods malware uses to increase its effectiveness, it is essential to understand the techniques used to do so. By analyzing the data, future campaigns can be monitored and understood more actively.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles