
Deception at Scale: How Malware Abuses Trust

Conference: Black Hat Asia 2023

2023-05-11

Authors: Gerardo Fernandez Navarrete


Abstract

Attackers actively use techniques to disguise malware files as legitimate, including reliable distribution channels, stolen certificates, hiding malicious files in legitimate applications, or using system tools to deploy malicious activity. At VirusTotal, we have explored the evolution of these and other techniques. In fact, it was surprising to realize that more than one million signed files were sent to our service in the past 12 months, dozens of legitimate domains belonging to the Alexa Top 1k ranking were used to distribute malware, and there is a growing trend of mimicking legitimate applications when building malware, with Skype, Acrobat Reader, and VLC being the top 3. During this talk, we will analyze the evolution of these types of techniques, showing some examples of how they are being implemented and providing tools for monitoring them.
