Threat Actors Hide Malware In Legitimate — And High Profile — Applications – Cybersecurity Dive

Threat actors hide malware in legitimate — and high profile — applications – Cybersecurity Dive

Researchers from VirusTotal show how attackers use social engineering techniques to launch malicious attacks behind trusted applications.
The report highlights how attackers hide malware behind legitimate applications in order to trick users into installing what instead contains malicious files. 
Researchers said they found at least 2.5 million suspicious files — detected by at least five different antivirus programs — from the top 1,000 Alexa domains. 
Attackers are using trusted applications as bait to lure potential victims, according to Vicente Diaz, security engineer at VirusTotal, a unit of Google Cloud. 
“In some cases, such as supply chain attacks, attackers can steal or compromise legitimate infrastructure, source code or certificates used to sign legitimate applications,” Diaz said via email.
The report analyzes a softer version of this type of activity, “where attackers simply impersonate — using different techniques — legitimate applications or infrastructure in order to increase their success when targeting a victim,” he said.
For example, 10% of the top Alexa domains have previously distributed malicious samples.
In addition, 0.1% of legitimate hosts for widely used applications have distributed malware. 
Get the free daily newsletter read by industry experts
Guidelines call for developers to attest they use secure software practices.
Security executives from Zoom, NS1 and Oomnitza shared their security priorities for the rest of 2022, with a special emphasis on mastering the basics. 
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Share your announcement
Guidelines call for developers to attest they use secure software practices.
Security executives from Zoom, NS1 and Oomnitza shared their security priorities for the rest of 2022, with a special emphasis on mastering the basics. 
The free newsletter covering the top industry headlines

source

Leave a Comment

Leave a Reply

Your email address will not be published.

Record Expansion in Existing Customer Base and New Strategic Partnerships Drive SecZetta Q2 Revenue Growth – Business Wire

Drivers are turning to smart tech to make life easier – FleetPoint

For stronger cybersecurity in the remote work era, just say 'SASE' – Security Magazine

Matterport Partners with Technology Distributor TD SYNNEX to Integrate 3D Digital Twin Platform Across Network of 150,000 Resellers – Yahoo Finance