Wednesday, June 19, 2024

PDF Malware Distribution Has Increased by 500%, as Reported by VirusTotal

A new edition of the “VirusTotal Malware Trends Report” series, which focuses mostly on “Emerging Formats and Delivery Techniques,” has been published by VirusTotal to understand the nature of malicious attacks better.

A representative subset of user submissions from January 2021 through the end of June 2023 was utilized for creating all the data in this report.

The attackers are increasingly employing new file types and tactics to circumvent detection. Email attachments continue to be a common means to propagate malware.

According to reports, campaigns are linked to reported rises of suspicious PDF files. Even while it seems as though the trend has gradually slowed down, it continues to encounter new campaigns in 2023, with the largest peak of suspicious PDF files ever recorded occurring in June 2023.

Also, attackers started adopting OneNote as a trustworthy substitute for macros in other Office applications in 2023, and antivirus (AV) software was originally taken aback by this new format.

 Additionally, there is a rise in the use of ISO files by hackers to disseminate malware, often by attaching them as compressed files that are challenging for security software to analyze.

Emerging Formats and Delivery Techniques

The installation packages for a range of software, including Windows, Telegram, AnyDesk, and malicious CryptoNotepad, are being disguised as ISO files.

Malware Distribution Trends

Despite being a relatively ancient strategy, spreading malware using email attachments experienced a rise in popularity as early as 2022.

To better understand the development of defenses and the efficacy of various social engineering approaches, attackers combine the use of well-known distribution routes for malware with new forms.

Malware Distribution Trends

“We have observed these PDFs being used for various purposes; for example, they could be “weaponized” to exploit a vulnerability, or simply contain a link to a phishing site that requests information”, according to the VirusTotal report.

By 2023, malware that is sent as an email attachment will increasingly be in the OneNote format. In 2023, it emerged as the most potent newcomer attachment format.

It allows attackers to include malicious URLs and other scripting languages, such as JavaScript, PowerShell, Visual Basic Script, and Windows Script, inside the document.

Due to its tremendous adaptability and resourcefulness for attackers, OneNote is now a trustworthy substitute for the traditional usage of macros by attackers in other Office products.

“Malicious OneNote files usually embed a malicious file (vba, html+jscript, PowerShell, or any combination of them) and, as happens with malicious Office attachments, try to convince the victim to allow execution”, reads the report.

Final Thoughts

The security industry must recognize the necessity for alternate file formats for malware transmission, and more effort must be made to thwart these emerging means of infection.

As legitimate websites are frequently used for malware distribution, it is advised that you monitor trends in malware distribution and actively check how your security stack responds to reduce infection risks proactively.

Include all logs to/from allowed legitimate websites in your analysis, and avoid focusing solely on anomalous traffic with your anomaly detection. 

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


Latest articles

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...

Chrome Security Update – Patch for 6 Vulnerabilities

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115...

Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group,...

Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data

Hackers are offering "free" mobile data access on Telegram channels by exploiting loopholes in...

New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication

Several phishing campaign kits have been used widely by threat actors in the past....

Stuxnet, The Malware That Propagates To Air-Gapped Networks

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA)...

Threat Actors Claiming Breach of AMD Source Code on Hacking Forums

A threat actor named " IntelBroker " claims to have breached AMD in June...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles