VirusTotala well-known file analysis site to find out if they are malware or if they are “healthy”, reveals to us which software is more harmful; or rather, it reveals us which programs these malware try to imitate.
But what does all this mean?
It means for example you think you are downloading a secure cracked Spotify, but you are in reality by downloading exactly the malware we are talking about.
VirusTotal briefly explains how bad guys work with deceptive software
Basically software programmers not really with good intentions, including that of stealing personal data or having fun with your devices, try to imitate the most common applications: Skype, VLC and Adobe so that you click, but you have a surprise, to understand us .
Other highly imitated applications that actually hide malware are: 7-ZIP, TeamViewer, Ccleaner, Microsoft Edge, Steam, Zoom and WhatsApp.
“One of the most trivial social engineering tricks we’ve seen is to make malware look like legitimate software,” VirusTotal stated in last Tuesday’s report, “The icon of this software is a critical feature used to convince the victim that the program is legitimate.”
So it’s no surprise that these bad guys have a huge variety of approaches to being able to replicate the bogus software (the icon, at least) that is actually malware and have it downloaded with confidence.
Note that this is not just about applicationsbut also some quite famous sites related to relatively famous software: discordapp.com, squarespace.com, amazonaws.com, mediafire.com, and qq.com, just to give a few examples.
In short: VirusTotal found as many as 2.5 million suspicious files trying to mimic popular software, downloaded from 101 domains, and 1000 suspicious sites were found.
Misuse of Discord that it is well documented is, together with Telegram, a real repository of Malware, becoming perfect means for hackers (or rather crackers).
Another technique widely used by hackers is to have stolen software signed with valid certificates. A malware program such as Malwarebytes, for example, it may not be able to detect the malicious software in question.
The malware scanning service has found over a million suspicious files since January 2021.
VirusTotal also discovered 1816 software samples from January 2020 that mimicked the installation files of several popular programs: Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and ProtonVPN.
In some cases, some of these software even have (apparently) legitimate updates, making these software real Trojans.
It’s not all. Another sophisticated method is to imitate the installer, so much so that you believe that you have actually installed the actual program, when in reality you are installing the malware.
This escapes the check of the antivirus or a good antimalware (like Malwarebytes) because malicious people use certificates that have been stolen in some way.
So how do you protect yourself from these software-mimicking malware?
As trivial as it may seem, the advice is only one: be careful of the sources you draw from.
Similar to a fake login (which imitates the login page or software of Instagram, Facebook and company), here it is the same: if you see that the URL does not match that of the site, simply: do not click and do not download anything.
VirusTotal however is not a guide, and it does not tell you how to be careful, but when you browse it is very easy to find even on search engines like Google, because keywords are used on purpose to index deceptive malware software.
This isn’t even a computer literacy problem: but of simple attention; after all, if the majority of people were careful, such deceptive malware that mimics well-known software would not exist!
In case the malware in question should not be revealed by the antivirus or antimalware: also forcibly remove it.
VirusTotal does not explain it, but there are software like Revo Uninstaller can not only remove programs in an “entire” way, also deleting the remaining folders and files without having to do it manually, as well as the registry keys.
#VirusTotal #Software #Copied #Malware #Attacks