Cybercriminals take every opportunity to steal money from their victims, resorting to all kinds of tricks. Some use malware that tries to infiltrate devices through trickery, abusing the trust of users.
VirusTotal, a malware analysis platform belonging to Google Cloud and headquartered in Malaga, has published a study on the methods most used by attackers. To conduct the investigation, VirusTotal has analyzed millions of samples of suspected fraudulent software that its service detected between 2021 and so far in 2022.
According to the study, cybercriminals try to win their victims' trust by using legitimate domains, signing malware with stolen digital certificates, adding the malware to a program's installation package, or disguising the malware as benign software.
The use of legitimate domains
Using legitimate domains, fraudsters bypass protections, such as firewalls, that restrict certain IPs and domains. The most used is discordapp.com; others are squarespace.com, amazonaws.com, mediafire.com, qq.com, fc2.com, baidu.com, live.com, and archive.org.
VirusTotal notes that 10% of the 1,000 most visited domains on the Internet (according to Alexa) distributed malware.
Stolen digital certificates
Some cybercriminals use stolen digital certificates to sign their rogue software. In this way, the software appears to come from a legitimate source.
87% of the samples analyzed by VirusTotal have a valid digital signature.
Insert the malware into the installer of a legitimate app
VirusTotal found more than 4,000 samples of malware packaged in installers of different programs, such as Google Chrome, Malwarebytes, Windows Update, Zoom, Brave, Firefox, ProtonVPN and Telegram.
These installation packages were downloaded from websites such as cloudfront.net, infocarnames.ru, hotaction.online, imgfarm.com, mediadownloader25, discordapp.com, amazonaws.com, yandex.net, winzipdriverupdater.com, and telegram-rus.ru.
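Because the hosting domains above are legitimate services, a domain blocklist does not catch these downloads; a more useful check compares what an installer claims to be with where it was served from. The following is an added example, not part of the VirusTotal study: the vendor-domain mapping, the log format and the log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: official download domains per product (not from the article).
VENDOR_DOMAINS = {
    "chrome": {"google.com"},
    "zoom": {"zoom.us"},
    "firefox": {"mozilla.org"},
    "telegram": {"telegram.org"},
    "brave": {"brave.com"},
}
INSTALLER_EXTS = (".exe", ".msi")

# Constructed proxy log sample, one "<client> <url>" pair per line.
SAMPLE_LOG = """\
10.0.0.5 https://cdn.discordapp.com/attachments/1/2/ChromeSetup.exe
10.0.0.7 https://dl.google.com/chrome/install/ChromeSetup.exe
10.0.0.9 https://d1example.cloudfront.net/ZoomInstaller.exe
10.0.0.9 https://zoom.us/client/latest/ZoomInstaller.exe
10.0.0.4 https://archive.org/download/notes/readme.txt
"""

def registrable(host):
    # Simplification: last two labels; use a public-suffix list in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def flag_installer_downloads(log_text):
    """Return (client, product, host) for installers named after a known
    product but served from a domain that is not that vendor's."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, url = parts
        u = urlsplit(url)
        name = u.path.rsplit("/", 1)[-1].lower()
        if not name.endswith(INSTALLER_EXTS) or not u.hostname:
            continue  # only installer downloads are of interest
        for product, domains in VENDOR_DOMAINS.items():
            if product in name and registrable(u.hostname) not in domains:
                findings.append((client, product, u.hostname))
    return findings

if __name__ == "__main__":
    for finding in flag_installer_downloads(SAMPLE_LOG):
        print(finding)
```

A hit is a triage lead rather than a verdict: the file still needs its signature and hash checked against the vendor's published release.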
Supposedly legitimate apps that are malware
Other cybercriminals directly impersonate an application known to users to introduce Trojans to their devices. Some of the most imitated platforms are Skype (28%), Adobe Acrobat (18.2%), VLC (17.6%), 7zip (11.5%), TeamViewer (7.5%), CCleaner (5.6%), Microsoft Edge (2.5%), Steam (23%), Zoom (1.8%) and WhatsApp (0.8%).