"VirusTotal Reveals Most Impersonated Software in Malware Attacks"

Threat actors are increasingly impersonating legitimate applications such as Skype, Adobe Reader, and VLC Player to take advantage of trust relationships and increase the likelihood of a successful social engineering attack. According to VirusTotal, the legitimate apps most impersonated by icon are 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp. Making a malware sample appear to be a legitimate program is one of the simplest social engineering tricks VirusTotal has seen, and the icon of these programs is an important feature used to persuade victims that the file is legitimate.

Threat actors use various methods to compromise endpoints, including tricking unsuspecting users into downloading and running seemingly innocuous executables. In total, 2.5 million suspicious files downloaded from 101 domains in Alexa's top 1,000 websites were discovered. Discord abuse is well-documented: the platform's Content Delivery Network (CDN) serves as a breeding ground for malware alongside Telegram, while also serving as an ideal communications hub for attackers.

Another common technique is signing malware with valid certificates stolen from other software makers. The malware scanning service says it has discovered over one million malicious samples since January 2021, with 87 percent of them having a legitimate signature when they were first uploaded to its database. Since January 2020, VirusTotal has discovered 1,816 samples of malware disguised as legitimate software by packaging the malware in installers for other popular software such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and Proton VPN.

This article continues to discuss key findings from VirusTotal's recent report on its observations of different techniques used in the delivery of malware.

THN reports "VirusTotal Reveals Most Impersonated Software in Malware Attacks"

Submitted by Anonymous on