Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack.
Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed.
“One of the simplest social engineering tricks we’ve seen involves making a malware sample seem a legitimate program,” VirusTotal said in a Tuesday report. “The icon of these programs is a critical feature used to convince victims that these programs are legitimate.”
This, in convert, is largely attained by getting benefit of legitimate domains in a bid to get all-around IP-based mostly firewall defenses. Some of the best abused domains are discordapp[.]com, squarespace[.]com, amazonaws[.]com, mediafire[.]com, and qq[.]com.
In total, no fewer than 2.5 million suspicious files downloaded from 101 domains belonging to Alexa’s top 1,000 websites have been detected.
VirusTotal said it also uncovered 1,816 samples since January 2020 that masqueraded as legitimate software by packaging the malware in installers for other popular software such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and Proton VPN.
Alternatively, legitimate installers are being packed in compressed files along with malware-laced files, in one case including the legitimate Proton VPN installer and malware that installs the Jigsaw ransomware.