Increasingly, hackers and cybercriminals hide their attacks behind trusted technology brand names and software that users already have faith in.

The ‘hiding in plain sight’ approach has recently been used by cybercriminals to dramatic effect. It is a warning to us all never to take anything online for granted and to double-check every detail of known names, including website and platform names and URLs.

Even legitimate tools can be infiltrated 

Unfortunately, trusted tools and sources, including Windows and Google Play, may not be as secure as users believe. It is a harsh reality of the online world most of us operate in, but, as always, it is good to be aware and remain vigilant.

Here are a couple of recent examples it is useful to know about.

Windows Advanced Installer used for malware   

A recently uncovered cybercriminal scheme targets systems fitted with powerful Graphics Processing Units (GPUs), the kind commonly used by graphic designers and 3D modellers. Users in architecture, engineering, entertainment, construction and manufacturing have been affected because of their heavy use of GPUs.

It has been reported that cybercriminals have abused Windows Advanced Installer, a legitimate Windows tool for packaging software such as Adobe Illustrator, to bundle scripts designed to mine cryptocurrency on machines with powerful GPUs.

Threat estimated to be active since November 2021 

This type of trojanised software (malware that disguises itself as, or hides within, legitimate software) has been able to run stealthily in the background on targeted GPUs for long periods, undetected by traditional security tools, causing lasting harm to the organisations infiltrated.

Infected messenger apps on Google Play 

Fake Telegram apps on Google Play were found to have been downloaded by over 60,000 users, and earlier this year cloned WhatsApp sites were discovered. Both contained malware that allowed the threat actors to spy on their targets.

Google Play and Samsung Galaxy Store have since removed these apps, and users are strongly advised to use only genuine, trusted versions of messaging apps and not to be tempted into downloading look-alike apps that may promise all kinds of enhanced features.

Use only the genuine, official app 

Cybercriminals were able to introduce malicious code into the look-alike apps after Google’s business screening and installation process had taken place: a huge gap in the security process.

Google has since implemented a business verification system for apps on Google Play, aiming to enhance security. But users should heed the warning: just because an app is available on Google Play does not guarantee that it is safe.

If it looks suspect – it is 

Cybercriminals will use images and icons that look like the genuine app, and messaging that replicates its style.

However similar an app may look to the legitimate version, if it is not the genuine one, steer clear and report the threat to your head of IT security.

Work with security teams 

Threats that disguise themselves as legitimate bodies rely on misinformation, doubt and lack of up-to-date knowledge, so the more operations and security teams can work together across traditional ‘group’ working, the better.  

Use performance monitoring 

“Particularly where malicious software may be working away in the background; sharper performance monitoring techniques could potentially detect any suspicious activity. Where performance monitoring isn’t used, threats can simply go on, undetected.” 
Shaun Wilders, Managing Director of Cultrix.  

Improve your cybersecurity 

Systems monitoring and maintenance by cybersecurity experts can help you remain as safe as possible from cybercrime. Make sure you’re protected in every aspect of your operation: get in touch with Cultrix today to discuss improving your cybersecurity.
