It is widely known that with regard to cybersecurity, users are often identified as the weakest link. This means that they become typical entry vectors for attacks and common social-engineering targets for hackers. Enterprises can also suffer from these individual weak links. Employees are sometimes unaware of online threats, or are unfamiliar with cybersecurity best practices, and attackers know exactly how to take advantage of this gap in security.

One way that attackers trick users is by luring them with unauthorized apps or installers carrying malicious payloads. We recently spotted some of these fake installers being used to deliver bundles of malware onto victims' devices. These fake installers are not a new technique used by attackers; in fact, they are old and widely used lures that trick users into opening malicious documents or installing unwanted applications. Some users fall into this trap when they search the internet for free or cracked versions of paid applications.

Looking inside the fake installers

We saw users trying to download cracked versions of non-malicious applications that had limited free versions and paid full versions, specifically, TeamViewer (a remote connectivity and engagement solutions app), VueScan Pro (an app for scanner drivers), Movavi Video Editor (an all-in-one video maker), and Autopano Pro for macOS (an app for automated picture stitching).

One example that we dive into here involves a user who tried to download an unauthorized version of TeamViewer (an app that has actually been used as camouflage for trojan spyware before). The user downloaded a malicious file disguised as a crack installer for the application.

Disclaimer

Trend Micro Inc. published this content on 27 September 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 27 September 2021 12:11:09 UTC.