Hackers can use different strategies to successfully infect user systems. For example, they can send an email with malicious attachments, create false pages, use social networks to steal information, etc. But they can also exploit apps to sneak in malicious software. By this means they can infect systems on both desktop computers and mobile devices.

We always say that it is very important to install applications only from official sources. Doing so prevents precisely the kind of attack we explain in this article, in which your system is infected just by installing a program that has been maliciously modified.


Most used Programs to Attack

The cybersecurity analysts at VirusTotal recently discovered that an increasing number of threats disguise themselves as fake versions of legitimate applications. These applications are the ones most used to distribute malware. Logically, they are widely used programs, since that gives attackers a greater probability of success.

The three programs are Adobe Reader, Skype & VLC Player. Do you have any of them installed? If so, it is important that you know whether you downloaded them from official sources or not. If you have doubts and believe that you downloaded them from some arbitrary page, without verifying that they are legitimate, it is best to uninstall them as soon as possible and use a good antivirus to analyse the computer.

Basically, what the attackers do is mimic an app. They make the victim believe that they are downloading the legitimate file for Adobe Reader, Skype, or VLC Player, but it contains a virus. The application icon will be the same, but the file may be able to bypass security programs and firewalls and thus distribute malicious software.

Over 5% of the antivirus applications that were tested detected 78 files as potentially malicious out of approximately 80,000 unique files. A total of 10% of the top 1,000 domains according to Alexa had suspicious samples distributed across their websites. These domains were used to download more than 2 million shady files.

virus-total-report-jun2022: credits: VirusTotal

List of Apps Mimicked & Abused

Below is a list of apps that are mimicked and abused by the threat actors.

  • Skype (Mimicked 28%)
  • Adobe Reader (Mimicked 18.2%)
  • VLC Player (Mimicked 17.6%)
  • 7zip (Mimicked 11.5%)
  • TeamViewer (Mimicked 7.5%)
  • CCleaner (Mimicked 5.6%)
  • Microsoft Edge (Mimicked 2.5%)
  • Steam (Mimicked 2.3%)
  • Zoom (Mimicked 1.8%)
  • WhatsApp (Mimicked 0.8%)

Domains Used to Distribute Malware


As per the report, there were 1,816 samples found through VirusTotal since Jan 2020 that were mimicking legit software, and the malware remained hidden in popular software installation packages such as Zoom, Google Chrome, Proton VPN, Brave, and Mozilla Firefox.

What to do to be Protected?

So how can we be protected? Not only do you have to act against these three most hacked applications, but also avoid any other attack. The most important thing is common sense and not making mistakes. Always install programs from official sources. You can go to the web pages of that program or use application stores such as Google Play.
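The "official sources" rule can be checked mechanically against a download history. The following is an added example, not part of the VirusTotal report: it flags a file whose name claims to be one of the mimicked apps but whose download host is not on an allowlist for that vendor. The allowlist entries, filename hints and sample downloads are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of vendor download domains; maintain your own.
OFFICIAL_DOMAINS = {
    "skype": {"skype.com", "microsoft.com"},
    "adobe reader": {"adobe.com"},
    "vlc": {"videolan.org"},
    "7zip": {"7-zip.org"},
    "teamviewer": {"teamviewer.com"},
    "zoom": {"zoom.us"},
}
# Filename fragments suggesting each app (constructed, not exhaustive).
NAME_HINTS = {
    "skype": ("skype",),
    "adobe reader": ("acrord", "acrobat", "adobereader"),
    "vlc": ("vlc",),
    "7zip": ("7zip", "7-zip"),
    "teamviewer": ("teamviewer",),
    "zoom": ("zoom",),
}

def claimed_app(filename):
    """Return the app a filename appears to claim, or None."""
    name = filename.lower().replace("_", "").replace(" ", "")
    for app, hints in NAME_HINTS.items():
        if any(h in name for h in hints):
            return app
    return None

def host_is_official(host, allowed):
    """Exact or true-subdomain match only, so 'videolan.org.x.example' fails."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def review_download(filename, url):
    """Classify one download as 'official', 'suspicious' or 'unknown-app'."""
    app = claimed_app(filename)
    if app is None:
        return "unknown-app"
    parts = urlsplit(url)
    # .hostname ignores any 'user@' prefix used to fake the vendor name.
    if parts.scheme != "https":
        return "suspicious"
    ok = host_is_official(parts.hostname or "", OFFICIAL_DOMAINS[app])
    return "official" if ok else "suspicious"

if __name__ == "__main__":
    samples = [  # constructed sample downloads
        ("SkypeSetup.exe", "https://download.skype.com/SkypeSetup.exe"),
        ("vlc-3.0-win64.exe", "https://videolan.org.downloads.example/vlc-3.0-win64.exe"),
        ("AcroRdrDC_setup.exe", "http://files.example.net/AcroRdrDC_setup.exe"),
    ]
    for name, url in samples:
        print(f"{review_download(name, url):12} {name}  <-  {url}")
```

A "suspicious" result means the file should be checked or re-downloaded from the vendor, not that it is confirmed malware.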

It’s also a good idea to have a good security program. An antivirus will help you detect threats of this type. For example, Windows Defender is a good option, but there are many others. The goal is to choose one with guarantees, one that is up-to-date and works as well as possible. You can even check for viruses without installing anything.

In addition, it is essential to keep the system properly updated. Install any security patches or new versions that appear. This applies both to the operating system itself and to any program you install. It will prevent cybercriminals from being able to exploit security flaws.
