VirusTotal, an online service that scans more than two million files and websites a day against more than seventy anti-virus scanners and domain block lists, has released a report providing insight into the various deception methods used in the campaigns. of malware, among which the techniques of impersonation of applications and websites.
The most supplanted applications
According to this cybersecurity website report, phishing attacks can direct users to download files from pages that appear to be part of familiar and trustworthy websites, but actually distribute Trojans designed to look like popular apps.
According to him virustotal report, Skype (28%), Adobe Acrobat (11.2%) and VLC (17.6%) are the programs and applications that criminals most often supplant to sneak malicious software into builds, according to data covering the period between January 2021 and last July 2022. Others that are also frequently supplanted are 7Zip, Team Viewer , CCleaner, Microsoft Edge, Steam, Zoom and WhatsApp.
The report also looks at malicious installers that bundle malware with real installers for popular software, using stolen signing keys. VirusTotal names Google Chrome, Malwarebytes, Windows Update, Zoom, Brave, Firefox, ProtonVPN, and Telegram as popular apps that threat actors like to bundle with malware.
The websites through which the most hackers impersonate
Another segment of this report reviews the use of favicons to make websites look like the real thing and gain the trust of unsuspecting users by using copies of favicons to visually mimic legitimate applications.
A is the little icon that appears at the top of a web browser when you visit a website, and according to VirusTotal, the favicons of WhatsApp (23.5%), Instagram (22.5%) and Facebook (13%) they are most often used by malicious websites, which seem to have a particular fixation on Meta products.
Other websites that are usually supplanted are iCloud, Discord, Microsoft Office, Microsoft Outlook, Twitter, Steam and Netflix, which close this particular Top 10.