The next time you install a much-talked-about application on your device or visit a popular website, check the file name or URL carefully. Latest research has revealed that Skype, Adobe Acrobat and VLC Player are the three most imitated apps by hackers, who create malware disguised as these apps.
Further, WhatsApp, Instagram and Amazon are the most spoofed websites created by hackers to distribute malware.
The revelations were made during a deep dive into malware distribution conducted by VirusTotal, a subsidiary of Google that looks into suspicious files, domains and websites to detect malware and other breaches, and shares them with the cybersecurity community.
Over the last 16 years that it has been operational, VirusTotal has analysed over two million malicious files per day from 232 countries across the globe. It recently observed an increase in ‘supply chain’ attacks, where attackers have started embedding their malware in the sources of authentic and popular software widely used by people across the world.
According to VirusTotal’s research, attackers have increasingly started disguising their malware to look like legitimate apps, and distributing them through common phishing methods. The three apps that are imitated the most are Skype (28%), Adobe Acrobat (18.2%) and VLC player (17.6%). Other apps that come close include 7zip, TeamViewer, CCleaner and Microsoft Edge.
All of these apps are the first choice for users in their respective functions. In a similar analysis of legitimate websites which are spoofed to host malware, VirusTotal found that 23% of the bogus websites were imitating WhatsApp, 22.5% were imitating Instagram and 13% were created to look like Amazon. All three websites are popular and come to mind first for messaging, social media and online shopping.
“Supply chain attacks are worrisome, for a good reason. The multiple techniques analysed in this report can have a similar impact on the victim’s defences. While they may seem less sophisticated than other forms of cyberattack, they can be a differentiating factor to succeed in a social engineering attack or bypass many existing security measures used by defenders,” VirusTotal stated in its report.
The best defence, in such cases, is vigilance. It is always recommended that apps be downloaded from legitimate apphosting platforms like Google Playstore. Any links or installer files shared via social media, even if they come from a known person, should always be treated with suspicion and ignored. Similarly, when searching for a website on a search engine, it is advisable to see the URL carefully and check for an “https” tag, experts say.
