Monday, March 4, 2024

PDF Malware Distribution Has Increased by 500%, as Reported by VirusTotal

A new edition of the “VirusTotal Malware Trends Report” series, which focuses mostly on “Emerging Formats and Delivery Techniques,” has been published by VirusTotal to understand the nature of malicious attacks better.

A representative subset of user submissions from January 2021 through the end of June 2023 was utilized for creating all the data in this report.

The attackers are increasingly employing new file types and tactics to circumvent detection. Email attachments continue to be a common means to propagate malware.

According to reports, campaigns are linked to reported rises of suspicious PDF files. Even while it seems as though the trend has gradually slowed down, it continues to encounter new campaigns in 2023, with the largest peak of suspicious PDF files ever recorded occurring in June 2023.

Also, attackers started adopting OneNote as a trustworthy substitute for macros in other Office applications in 2023, and antivirus (AV) software was originally taken aback by this new format.

 Additionally, there is a rise in the use of ISO files by hackers to disseminate malware, often by attaching them as compressed files that are challenging for security software to analyze.

Emerging Formats and Delivery Techniques

The installation packages for a range of software, including Windows, Telegram, AnyDesk, and malicious CryptoNotepad, are being disguised as ISO files.

Malware Distribution Trends

Despite being a relatively ancient strategy, spreading malware using email attachments experienced a rise in popularity as early as 2022.

To better understand the development of defenses and the efficacy of various social engineering approaches, attackers combine the use of well-known distribution routes for malware with new forms.

Malware Distribution Trends

“We have observed these PDFs being used for various purposes; for example, they could be “weaponized” to exploit a vulnerability, or simply contain a link to a phishing site that requests information”, according to the VirusTotal report.

By 2023, malware that is sent as an email attachment will increasingly be in the OneNote format. In 2023, it emerged as the most potent newcomer attachment format.

It allows attackers to include malicious URLs and other scripting languages, such as JavaScript, PowerShell, Visual Basic Script, and Windows Script, inside the document.

Due to its tremendous adaptability and resourcefulness for attackers, OneNote is now a trustworthy substitute for the traditional usage of macros by attackers in other Office products.

“Malicious OneNote files usually embed a malicious file (vba, html+jscript, PowerShell, or any combination of them) and, as happens with malicious Office attachments, try to convince the victim to allow execution”, reads the report.

Final Thoughts

The security industry must recognize the necessity for alternate file formats for malware transmission, and more effort must be made to thwart these emerging means of infection.

As legitimate websites are frequently used for malware distribution, it is advised that you monitor trends in malware distribution and actively check how your security stack responds to reduce infection risks proactively.

Include all logs to/from allowed legitimate websites in your analysis, and avoid focusing solely on anomalous traffic with your anomaly detection. 

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


Latest articles

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019....

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials  

Threat actors employ phishing scams to trick individuals into giving away important details like...

U.S. Charged Iranian Hacker, Rewards up to $10 Million

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie...

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS)...

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles