Criminals use names of popular social meeting applications to distribute cyber-threats

File picture: Pexels

File picture: Pexels

Published Apr 11, 2020


With the rise of social distancing and the 21-day lockdown forcing many South Africans inside their homes, Kaspersky experts investigated the threat landscape for social meeting applications and found that cyber fraudsters distribute various cyberthreats under the guise of popular apps.

Analysis detected around 1300 files that have names similar to prominent applications like Zoom, Webex, and Slack. 

From those 1300 files, 200 various threats were detected. The most prevalent are two adware families – DealPly and DownloadSponsor.

Both families are installers that show ads or download adware modules. Such software typically appears on users’ devices once they are downloaded from unofficial marketplaces.

While adware is not a type of malicious software, it can still pose a privacy risk. 

In a few cases, Kaspersky experts found threats disguised as .lnk files. These are shortcuts to applications. 

In fact, the vast majority of them were detected as Exploit.Win32.CVE-2010-2568 - a quite old, yet still widespread malicious code that allows the attackers to infect some computers with additional malware.

A common social meeting application whose name is most used by criminals to try to distribute cyber threats is Skype. 

A total of 120 000 various suspicious files were found that use the name of this application. This particular name is used to distribute not only adware, but also various malware — particularly Trojans.

“To be clear: it doesn’t look like there is a dramatic spike in the number of attacks or number of files that are disguised as popular social meeting apps. The actual numbers of these files that we are seeing in the wild are quite moderate. They are not moderate when it comes to Skype, but this application, due to its popularity, has traditionally been a target for cyberthreat actors for many years," said Denis Parinov, security expert at Kaspersky.

"At the same time, we consider it important to let people know about the existence of such threats. In the current landscape, when most of us are working from home, it is extremely important to make sure that what we use as a tool for online social meeting is downloaded from a legitimate source, set up properly and doesn’t have severe unpatched vulnerabilities.”


Related Topics: