Computer criminals and hackers use a whole series of techniques to try to place their malicious files trying to make sure that users do not notice them and that computer security and antivirus systems do not detect them either. For this reason, they constantly try to camouflage themselves as legitimate applications and programs.
VirusTotal, an online service that scans more than two million files and websites a day against more than seventy anti-virus scanners and domain block lists, has released a report providing insight into the various deception methods used in the campaigns. of malware, among which the techniques of impersonation of applications and websites stand out.
The most supplanted applications
According to this cybersecurity website report, phishing attacks can direct users to download files from pages that appear to be part of familiar and trustworthy websites, but actually distribute Trojans designed to look like popular apps.
According to the VirusTotal report , Skype (28%), Adobe Acrobat (11.2%) and VLC (17.6%) are the programs and applications that criminals most often impersonate to sneak malware into builds, according to data they cover the period between January 2021 and last July 2022. Others that are also frequently supplanted are 7Zip, Team Viewer, CCleaner, Microsoft Edge, Steam, Zoom and WhatsApp.
The report also looks at malicious installers that bundle malware with real installers for popular software, using stolen signing keys. VirusTotal names Google Chrome, Malwarebytes, Windows Update, Zoom, Brave, Firefox, ProtonVPN, and Telegram as popular apps that threat actors like to bundle with malware.
The websites through which the most hackers impersonate
Another segment of this report reviews the use of favicons to make websites look like the real thing and gain the trust of unsuspecting users by using copies of favicons to visually mimic legitimate applications.
A is the little icon that appears at the top of a web browser when you visit a website, and according to VirusTotal, Whatsapp (23.5%), Instagram (22.5%), and Facebook (13%) favicons are the most used by malicious websites, which seem to have a particular fixation on Meta products.