In today’s technology landscape, there is a dichotomy: while awareness of malware and its dangers may never have been greater, malware is becoming increasingly difficult to avoid as proliferation techniques become more devious.
As if there weren’t enough tricks already, current research by internet security analysis company VirusTotal shows that some of the biggest applications out there are often impersonated for nefarious purposes.
Skype, Adobe Acrobat and VLC Media Player have been identified by the company as the top three apps impersonated by attackers on the web, with other well-known names on the list including 7Zip, Microsoft Teams, Steam, Zoom and WhatsApp. These apps are often faked online using imitations of their icons hosted on third-party websites, thereby tricking users into downloading illegitimate software and subsequently installing malware on their devices.
Simplified social engineering
“One of the easiest social engineering tricks,” as VirusTotal puts it, is for attackers to merely clone the icons of these popular and trusted applications, thereby tricking users into downloading and running malicious software and infecting their systems.
While VLC Media Player was the third most impersonated app, Adobe Acrobat, Skype, and 7Zip were found to have the highest infection rates, making them, as the report says, “the top three applications and icons to look out for” when downloading software online.
However, this is not the only trust ploy the analytics company has picked up on in its reports, and similar behavior has been noted in website impersonation. Essentially, the company found a number of malicious websites that posed as legitimate ones by copying the genuine website’s favicon, i.e. the small logo that appears in browser tabs.
The most commonly cloned websites were WhatsApp, Instagram, Facebook, iCloud, and Discord, while the highest infection rate was found on iCloud, WhatsApp, and Skype.
The report also describes cases of software certificates — long a trusted method of verifying the legitimacy of programs — being stolen by malicious developers and used “to sign their malware, making it appear as if it came from legitimate software makers.” A high-profile case of this, according to the research notes, was the theft of Nvidia’s code-signing certificates by the LAPSUS$ ransomware group.
Perhaps most frighteningly, VirusTotal also finds a high prevalence of malware being built into installation files within legitimate software bundles. Since the malware comes alongside legitimate software, the malicious code avoids raising suspicion and thus being detected. “These supply chain attacks work,” states the report, “when attackers gain access to the official distribution server, source code, or certificates.”
“We focused on the top legitimate installers run by malware and found installers that combined malware with installers for other popular software such as Google Chrome, Malwarebytes, Windows Update, Zoom, Brave, Firefox, ProtonVPN, and Telegram, among others,” the report continues.
How to protect yourself from malware
While these tricks may be cunning, there are some easy ways to protect yourself from malware. Here’s how.
1. Make sure you are running one of the best antivirus software packages, like Norton 360 Deluxe or Bitdefender Antivirus Plus, as these have strong anti-malware protection that should detect malware even if it is signed with legitimate software certificates. Run regular system scans and delete all threats.
2. Only download software from official company websites and avoid downloading from third-party websites if possible. Don’t assume an application or website is legitimate just because it has a recognizable logo.
3. If you have already downloaded software from a third-party website or need to use a website to download lesser-known software, scan all downloaded files for malware with antivirus software before you run them, and run a system scan if you already have them installed.