Hackers Leverage Popular Apps to Disguise Malware, Kaspersky Warns
London, UK – Cybercriminals are increasingly disguising malicious software as legitimate applications like ChatGPT, Microsoft Office, and Google Drive in an attempt to trick employees into downloading and installing threats, according to new findings from cybersecurity firm Kaspersky. The tactic exploits trust in well-known brands to bypass security measures and infiltrate corporate networks.
The surge in this type of deception highlights a critical need for enhanced employee awareness training and robust security protocols, experts say. Enabling staff to recognize the warning signs of cybercriminal activity is paramount to preventing accomplished attacks. “The best defense against complex malware isn’t the most expensive tool – it’s understanding how attackers think and closing the doors they’re looking for,” said Kaspersky’s Santiago Rivero.
This evolving threat landscape underscores a broader trend of attackers capitalizing on the popularity of widely-used software and services. By mimicking trusted applications, hackers aim to lower their victims’ guard and gain access to sensitive data or systems.
Kaspersky advises organizations to enforce strong authentication and authorization with strict password policies and multi-factor authentication (MFA). Regularly updating software and patching vulnerabilities are also crucial preventative measures. Furthermore, regular training sessions should focus on safe email practices, secure password management, recognizing phishing attempts, and the proper handling of sensitive data.
To minimize risk, all software should be sourced from official channels and centrally installed by the IT team. Clear access rules for emails, shared folders, and online services, coupled with ongoing user activity monitoring and prompt access revocation for departing employees, are also recommended.
