The Hacker News reports that legitimate applications, including Adobe Reader, Skype, and VLC Player, have been increasingly impersonated by threat actors in social engineering attacks.
Attackers seeking to make their social engineering attacks succeed have also been spoofing Microsoft Edge, WhatsApp, Zoom, Steam, CCleaner, 7-Zip, and TeamViewer, according to a VirusTotal analysis.
"One of the simplest social engineering tricks we've seen involves making a malware sample seem a legitimate program. The icon of these programs is a critical feature used to convince victims that these programs are legitimate," said VirusTotal.
Malicious actors have also been exploiting legitimate domains to evade IP-based security protections, as well as misusing the Discord and Telegram platforms for malware hosting and attacker communications, respectively.
"When thinking about these techniques as a whole, one could conclude that there are both opportunistic factors for the attackers to abuse (like stolen certificates) in the short and mid term, and routinely (most likely) automated procedures where attackers aim to visually replicate applications in different ways," said researchers.