A dichotomy exists in today’s technology landscape, while awareness of malware and its dangers may have never been greater, it is becoming increasingly difficult to avoid as distribution techniques are getting more and more underhanded.
As if there weren’t enough schemes already, recent research (opens in a new tab) by internet security analysis firm VirusTotal shows that some of the biggest apps on the market are commonly imitated for nefarious purposes.
Skype, Adobe Acrobat and VLC Media Player were revealed by the company as the three apps most often imitated by online attackers. With other household names on the list including 7Zip, Microsoft Teams, Steam, Zoom and WhatsApp. These apps are usually faked online, using imitations of their icons hosted on third-party sites, which trick users into downloading illegitimate software and subsequently installing malware on their devices.
Simplistic social engineering
“One of the simplest social engineering tricks,” as VirusTotal puts it, is for attackers to simply clone the icons of these popular and trusted apps, thereby convincing users to download and run malware, infecting their systems.
While VLC Media Player was third in terms of the most common imitation, Adobe Acrobat, Skype and 7Zip were found to have the highest infection rate – i.e. the most decoys versus legitimate apps to download – what makes them, the report states “the top three apps and icons to be aware of” when downloading software online.
However, this is not the only trust trick the analytics company has picked up on in its reports, and similar behavior has been identified when it comes to impersonating websites. Essentially, the company found a number of malicious websites pretending to be legitimate by copying the real site’s favicon, i.e. the little logo that appears in browser tabs.
The most commonly cloned websites were WhatsApp, Instagram, Facebook, iCloud and Discord, while the highest infection rate was found with iCloud, WhatsApp and Skype.
The report also details cases of software certificates – for a long time a reliable means of verifying the legitimacy of programs – stolen by malicious developers and used “to sign their malware, making it appear as if it came from legitimate software manufacturers”. . A high profile case of this, according to the research notes, was that Nvidia had its code signing certifications stolen. (opens in a new tab) by the LAPSUS$ ransomware group.
Perhaps most chillingly, VirusTotal also notes a high prevalence of malware embedded in installer files in legitimate software packages. Since malware accompanies legitimate software, malicious code avoids suspicion and detection. “These supply chain attacks work,” the report asserts, “when attackers gain access to the official distribution server, source code, or certificates.”
“By focusing on the main legitimate installers run by malware, we found installers that bundled malware with installers for other popular software such as Google Chrome, Malwarebytes, Windows Update, Zoom, Brave, Firefox, ProtonVPN and Telegram, among others,” he continues.
How to protect against malware
While these tricks can be nifty, there are simple ways to protect yourself from malware. Here’s how.
1. Make sure you are using one of the best antivirus software packagessuch as Norton 360 Deluxe or Bitdefender Antivirus Plus, as they have strong anti-malware protection that should also detect malware even if they have legitimate signed software certificates. Run system scans regularly and remove all threats.
2. Only download software from official company websitesand avoid downloading from third party sites as soon as possible. Don’t assume that just because an app or website has a recognizable logo, it’s legitimate.
3. If you have already downloaded software from a third-party site, or need to use a site to download lesser-known software, scan all downloaded files for malware using antivirus software before executing them and run a system scan if you already have them installed.