VirusTotal reveals apps most exploited by hackers to spread malware

According to the latest research from VirusTotal, cybercriminals and threat actors are increasingly relying on cloned versions of genuine, widely used apps such as Adobe Reader, Skype and VLC Player to succeed in social engineering attacks.

Finding details

In their study of malware, researchers at Google’s VirusTotal revealed that cybercriminals use a variety of approaches to abuse the trust users place in many reputable apps.

The most widespread tactic is impersonating legitimate apps to deliver malware. In this technique, the app’s icon is replicated to win the victim’s trust and convince them to run the impersonated app. The intent behind this strategy is to bypass security controls such as IP- or domain-based firewalls on devices and spread malware via trusted domains.

Another commonly used tactic is to steal authentic signing certificates from legitimate software vendors and use them to sign malware. Reportedly, since 2021, over one million signed samples have been declared suspect.

About thirteen percent of the samples checked by Google’s team did not have a valid signature when they were first uploaded to VirusTotal, and over ninety-nine percent of them were DLL or Windows Portable Executable files.

This happens because the process of checking the validity of a signed file can be abused by malware, stated VirusTotal security engineer Vicente Diaz. This becomes worrisome when attackers start stealing legitimate certificates, creating an ideal supply chain attack scenario.


The third technique is to include a legitimate installer as a portable executable resource inside the malicious sample, so that the genuine installer runs when the malware is executed.
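As an added, defender-side illustration of that third technique (example code, not VirusTotal's or this article's), the Python heuristic below scans a file for a second embedded PE image by locating "MZ" headers whose e_lfanew field points at a valid "PE\0\0" signature; the stub-PE builder, the constructed dropper and its offsets are assumptions made for the example.

```python
import struct
from typing import List

MZ = b"MZ"          # DOS header magic
PE_SIG = b"PE\0\0"  # NT headers signature

def find_embedded_pe(data: bytes) -> List[int]:
    """Return offsets (excluding 0) of DOS headers whose e_lfanew points at
    a PE signature inside the same buffer: a cheap hint that another PE
    image, such as a bundled installer, is carried inside this file."""
    hits = []
    pos = data.find(MZ, 1)
    while pos != -1:
        # e_lfanew is the little-endian DWORD at DOS header offset 0x3C
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_off = pos + e_lfanew
            # the DOS header itself is 0x40 bytes, so a smaller e_lfanew is bogus
            if e_lfanew >= 0x40 and data[pe_off:pe_off + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(MZ, pos + 1)
    return hits

def make_stub_pe(machine: int = 0x14C) -> bytes:
    """Constructed minimal PE image (hypothetical, not a real binary): a 0x40-byte
    DOS header with e_lfanew=0x40, followed by the PE signature and a COFF header."""
    dos = bytearray(0x40)
    dos[0:2] = MZ
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x102)
    return bytes(dos) + PE_SIG + coff

# Constructed "dropper": an x86 stub carrying an x64 stub after a fake .rsrc marker.
PAYLOAD_OFFSET = len(make_stub_pe()) + 64 + len(b".rsrc")
CONSTRUCTED_DROPPER = (
    make_stub_pe() + b"\0" * 64 + b".rsrc" + make_stub_pe(machine=0x8664)
)

if __name__ == "__main__":
    print("clean stub:", find_embedded_pe(make_stub_pe()))    # []
    print("dropper:", find_embedded_pe(CONSTRUCTED_DROPPER))  # [157]
```

A hit is only a triage signal: legitimate self-extracting installers also carry inner executables, so the flagged inner image should be extracted and checked for its own signature and reputation.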


Over 2 million suspicious files downloaded from top domains

According to VirusTotal’s blog post, ten percent of the Alexa top 1000 domains had distributed suspicious samples, including domains commonly used for file distribution, and over 2 million shady files were downloaded from these domains.

Despite the technique’s simplicity, Diaz explains, it can effectively avoid raising red flags for the victim. That’s why many channels are becoming popular as potent distribution vectors for malware. This includes distribution of cracked software.

Most abused websites and apps

The top three impersonated apps are the following:

  • Adobe Acrobat
  • VLC media player
  • Skype VoIP platform

When the researchers examined the URLs using web icon similarity, WhatsApp, Instagram, Facebook and iCloud were the four most abused websites.

“Adobe Acrobat, Skype and 7zip are very popular and have the highest infection ratios, probably making them the top three applications and icons to be aware of from a social engineering perspective.”


Furthermore, VirusTotal has detected 1,816 samples since January 2020 that mask legitimate software by hiding malware in installers for popular software such as Zoom, Google Chrome, Proton VPN, Brave and Mozilla Firefox.


Other apps impersonated by icon were TeamViewer, 7-Zip, CCleaner, Steam, Microsoft Edge, Zoom and WhatsApp. The abused domains included discordapp.com, squarespace.com, amazonaws.com, mediafire.com and qq.com.

The reason attackers favour these particular programs and apps is currently unknown, but one explanation may be their popularity, Diaz said.
