VirusTotal, based in Malaga and owned by Google Cloud, is the world’s leading threat sharing and malware analysis platform. In the last 16 years, it has analyzed more than 2 million files per day originating in more than 232 countries.
It has just published its report “Deception at Scale: How Malware Abuses Trust,” in which it explains how the malware that is causing so many problems around the world works.
VirusTotal's study paints a worrying picture: cybercriminals are managing to introduce malware through legitimate installations, including valid website and application signatures. The user is defenseless, because the protection barriers judge these applications or websites to be legitimate.
According to that report, 10% of the top 1,000 Internet domains have distributed suspicious samples. 87% of the more than one million signed malicious samples uploaded to VirusTotal since January 2021 have a valid signature.
In a growing trend of social engineering, 4,000 samples ran or were bundled with legitimate application installers.
There is a particularly interesting section: the applications used by cybercriminals to install spyware. They clone widely used apps, making the victim believe that the original software is being installed when in fact it is a malware-infected clone.
According to VirusTotal, the applications most used by cybercriminals are Skype, Adobe Acrobat, VLC and 7zip, but CCleaner, Steam, Zoom and WhatsApp also appear in the graph.
Most of them are widely used applications, which are always installed on new phones or PCs, such as the VLC media player, the 7zip file decompressor, the Steam gaming platform, or the CCleaner space cleaner.
There are also several applications for video calls and collaborative work, such as Skype, TeamViewer or Zoom.
It is curious that the Microsoft Edge browser appears on the list, since it is installed by default in Windows. We assume the report is referring to the mobile version.
If you are going to install these applications on your PC and mobile, make sure that you are downloading them from the original website. If you download them from another site, there is a high chance that they contain malware.