The latest findings from VirusTotal reveal that cybercriminals and threat actors are increasingly relying on mimicked versions of genuine, commonly used apps to conduct social engineering attacks.
Threat actors deploy numerous approaches to abuse the trust users have in many reputable apps.
The most used tactic is mimicking legit apps to deliver malware. The app's icon is replicated to gain the victim's trust and convince them to run the mimicked app.
Another tactic is stealing authentic code-signing certificates from legit software vendors and using them to sign the malware.
The third technique is embedding a legit installer as a portable executable (PE) resource inside the malicious sample, so that the genuine installer runs when the malware is executed and the victim sees nothing unusual.
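The third technique leaves a second PE image inside the sample, which is something a defender can check for directly. The following is an added example, not code from VirusTotal or the report: it scans a byte buffer for every valid PE header (an `MZ` stub whose `e_lfanew` field points at a `PE\0\0` signature) and reports the ones that are not the file's own header. The sample "dropper" it scans is constructed inline from minimal, non-executable header stubs.

```python
import struct

def find_pe_headers(data: bytes) -> list:
    """Return the offset of every structurally valid PE header in `data`.

    A PE image starts with 'MZ'; the DWORD at offset 0x3C (e_lfanew) points
    to the 'PE\\0\\0' signature. Plain 'MZ' text that does not satisfy this
    layout is ignored, which keeps false positives down.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig_off = pos + e_lfanew
            if e_lfanew >= 0x40 and sig_off + 4 <= len(data) \
                    and data[sig_off:sig_off + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def embedded_pe_offsets(sample: bytes) -> list:
    """Offsets of PE images other than the one at offset 0 (the file itself)."""
    return [off for off in find_pe_headers(sample) if off != 0]

def build_minimal_pe(machine: int = 0x14C) -> bytes:
    """Constructed stand-in for a PE header: DOS header + 'PE\\0\\0' + COFF header.

    It is not runnable code, only the bytes a scanner needs to recognise.
    """
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x102)
    return bytes(dos) + b"PE\0\0" + coff

# Constructed sample: an outer "dropper" carrying a second PE in its resource area,
# plus a stray "MZ" in trailing text that must NOT be reported.
OUTER_SAMPLE = (build_minimal_pe() + b"\x00" * 32 + b".rsrc"
                + build_minimal_pe() + b"trailing MZ text")

if __name__ == "__main__":
    print(embedded_pe_offsets(OUTER_SAMPLE))   # prints [125]
```

A hit from this check is only a lead: legitimate self-extracting archives and setup bundles also embed PE files, so the embedded image should be extracted and its own signature and hash checked before drawing conclusions.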
The top three abused apps:
- Adobe Acrobat
- VLC media player
- Skype platform
While examining URLs using web icon similarity, WhatsApp, Instagram, Facebook, and iCloud were the four most abused sites.
VirusTotal discovered 1,816 samples masquerading as legit software by hiding the malware in installers for popular software like Zoom, Google Chrome, Proton VPN, Brave, and Mozilla Firefox.
Other apps impersonated by icon were TeamViewer, 7-Zip, CCleaner, Steam, Microsoft Edge, Zoom, and WhatsApp. The abused domains included discordapp.com, squarespace.com, amazonaws.com, mediafire.com, and qq.com.