Saturday, November 9, 2024
Homecyber securityPDF Malware Distribution Has Increased by 500%, as Reported by VirusTotal

PDF Malware Distribution Has Increased by 500%, as Reported by VirusTotal

Published on

Malware protection

A new edition of the “VirusTotal Malware Trends Report” series, which focuses mostly on “Emerging Formats and Delivery Techniques,” has been published by VirusTotal to understand the nature of malicious attacks better.

A representative subset of user submissions from January 2021 through the end of June 2023 was utilized for creating all the data in this report.

The attackers are increasingly employing new file types and tactics to circumvent detection. Email attachments continue to be a common means to propagate malware.

- Advertisement - SIEM as a Service

According to reports, campaigns are linked to reported rises of suspicious PDF files. Even while it seems as though the trend has gradually slowed down, it continues to encounter new campaigns in 2023, with the largest peak of suspicious PDF files ever recorded occurring in June 2023.

Also, attackers started adopting OneNote as a trustworthy substitute for macros in other Office applications in 2023, and antivirus (AV) software was originally taken aback by this new format.

 Additionally, there is a rise in the use of ISO files by hackers to disseminate malware, often by attaching them as compressed files that are challenging for security software to analyze.

Emerging Formats and Delivery Techniques

The installation packages for a range of software, including Windows, Telegram, AnyDesk, and malicious CryptoNotepad, are being disguised as ISO files.

Malware Distribution Trends

Despite being a relatively ancient strategy, spreading malware using email attachments experienced a rise in popularity as early as 2022.

To better understand the development of defenses and the efficacy of various social engineering approaches, attackers combine the use of well-known distribution routes for malware with new forms.

Malware Distribution Trends

“We have observed these PDFs being used for various purposes; for example, they could be “weaponized” to exploit a vulnerability, or simply contain a link to a phishing site that requests information”, according to the VirusTotal report.

By 2023, malware that is sent as an email attachment will increasingly be in the OneNote format. In 2023, it emerged as the most potent newcomer attachment format.

It allows attackers to include malicious URLs and other scripting languages, such as JavaScript, PowerShell, Visual Basic Script, and Windows Script, inside the document.

Due to its tremendous adaptability and resourcefulness for attackers, OneNote is now a trustworthy substitute for the traditional usage of macros by attackers in other Office products.

“Malicious OneNote files usually embed a malicious file (vba, html+jscript, PowerShell, or any combination of them) and, as happens with malicious Office attachments, try to convince the victim to allow execution”, reads the report.

Final Thoughts

The security industry must recognize the necessity for alternate file formats for malware transmission, and more effort must be made to thwart these emerging means of infection.

As legitimate websites are frequently used for malware distribution, it is advised that you monitor trends in malware distribution and actively check how your security stack responds to reduce infection risks proactively.

Include all logs to/from allowed legitimate websites in your analysis, and avoid focusing solely on anomalous traffic with your anomaly detection. 

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...