Most Often, Malware to Bypass Protection Impersonates Skype, Adobe Acrobat and VLC

Malware to bypass protection

VirusTotal analysts presented a report on the methods that malware operators use to bypass protection and increase the effectiveness of social engineering.

The study showed that attackers are increasingly imitating legitimate applications such as Skype, Adobe Reader and VLC Player to gain the trust of victims.

Let me remind you that we also wrote that Scammers spread malware under the mask of the Brave browser, and also that Hackers majorly use Microsoft and DHL brands in phishing attacks.

One of the simplest social engineering tricks we have seen is to make a malware sample look like a legitimate program. The icon is very important for such programs because it is used to convince victims that these programs are legitimate.experts say.

Attackers use various approaches to compromise endpoints by tricking users into downloading and running seemingly harmless executable files. Researchers report that in addition to Skype, Adobe Reader and VLC Player, hackers often disguise their programs as 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom and WhatsApp.

Such deception, among other things, is achieved through the use of legitimate domains in order to bypass firewall protection. Some of the most commonly abused domains are discordapp[.]com, squarespace[.]com, amazonaws[.]com, mediafire[.]com, and qq[.]com.

In total, the experts found at least 2.5 million suspicious files downloaded through 101 domains included in the list of 1000 best sites according to Alexa.

Another commonly used tactic is signing malware with valid certificates, usually stolen from software developers. Since January 2021, VirusTotal has detected over a million malware samples, of which 87% had a legitimate signature when they were first uploaded to the database.

VirusTotal also reports that it found 1,816 malware samples that disguised themselves as legitimate software, hiding in the installers of popular programs, including products such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox and Proton VPN.

Thinking about the methods of attackers in general, we can conclude that they can use both opportunistic factors (for example, stolen certificates) in the short and medium term, as well as routine (most common) automated procedures, within which they seek to visually reproduce [legitimate] applications.the researchers conclude.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

View all of Vladimir Krasnogolovy's posts.

Leave a comment

Your email address will not be published.