Scammers get sneaky: New malware distribution tactics revealed in Avast Threat Report

Emma McGowan 5 May 2023

The Avast Q1 2023 Threat Report reveals a 40% increase in phishing attempts and new malware distribution tactics that exploit trust in established brands like Microsoft and Adobe.

The first quarter of 2023 saw a notable rise in cyberattacks targeting trust in established tech brands Microsoft and Adobe, according to the Avast Q1 2023 Threat Report. The report also revealed a 40% increase in the share of phishing and smishing attacks from the previous year. Overall, two out of three threats people encounter online today use social engineering techniques, taking advantage of human weaknesses.

“If you think your data has no value then why would scammers spend so much time trying to steal it? The truth is that anyone can be affected and it is important to stay vigilant and use proper protection,” Jakub Kroustek, Avast Malware Research Director, says. “Unfortunately, scammers have made it nearly impossible to take any message as face value–all communications, whether seemingly from a friend, boss, or household brand, have potential to be fraudulent.” 

These attacks—including malware, scams, and phishing—aim to steal consumers' sensitive data such as passwords, Social Security numbers, and other personal information. When this information falls into the wrong hands, cybercriminals have the means to quickly steal someone's identity, which can result in a series of unfortunate events, from ruining credit scores to selling personal information on the dark web and even impersonating individuals to pass background checks. 

Scammers exploit trusted brands: Microsoft OneNote & Adobe Acrobat Sign  

The report shows that scammers know how to exploit people's trust in familiar brands. Avast has discovered this trend among two popular applications commonly used for work: Microsoft OneNote and Adobe Acrobat Sign. Scammers send out Microsoft OneNote files as email attachments to victims, triggering malware downloads when someone opens the attachment.  

Avast has detected malware like Qbot and Raccoon using this distribution technique to steal information, and has also observed IcedID, a banking Trojan, using OneNote attachments to steal money. During Q1 of 2023, Avast protected more than 47,000 global customers and over 18,000 U.S. customers from these types of attacks. 

Avast researchers have also observed cybercriminals exploiting Adobe Acrobat Sign by inserting malicious links into documents sent from legitimate Adobe email addresses. These links prompt victims to download .ZIP files containing a variant of the Redline Trojan capable of stealing passwords, crypto wallets, and more. 

“My advice is to take extra caution with any email asking you to download files or click on a link, even those that appear to be from reputable brands,” Kroustek says. “Cyber Safety software can act as a safety net for providing an extra layer of security to these types of savvy attacks that are increasingly targeting people.” 

Scammers go phishing: Phishing attacks up 40% 

The report also found that phishing continues to be a rising threat to consumers, with the share of global phishing attempts among all blocked threats in Q1 up 40% compared to the same period last year. One type of phishing scam on the rise is refund and invoice scams, in which fraudsters send false bills or invoices for goods or services never ordered or received. Scammers often use well-known household names with recognizable branding and logos to make these scams appear genuine. In Q1 2023, invoice scams rose 19% in the U.S. compared to Q4 2022. 

The pervasiveness of attacks via mobile text messages, or smishing attacks, is also contributing to the increase in phishing incidents. The issue has become so severe that in March of this year, the U.S. Federal Communications Commission (FCC) announced its first rules targeting smishing, requiring mobile service providers to block certain robotext messages likely to be illegal. 

“Scammers often play off victims’ emotions by creating a sense of urgency in their messages. If you receive an email or text out of the blue with an urgent request, or a message that seems too good to be true, take a few extra moments to verify it before acting,” says Jakub Kroustek. “Always take a close look to confirm that an email or text is coming from a trusted sender, and if you have any doubt, go directly to the source, whether that be a person you know or a company’s help portal.” 

The Avast Q1 2023 Threat Report demonstrates that scammers are using increasingly savvy tactics to trick people, including exploiting trust in well-known brands and taking advantage of people's emotions by creating a sense of urgency in their messages. Therefore, it's essential to take extra precautions with any email or text asking to download files or click on links, even those that appear to be from reputable brands. Cyber safety software, such as Avast's Web Shield technology, can act as a safety net by providing an additional layer of security to these types of attacks. 

Avast Free Antivirus, all Avast’s premium versions, and Avast Secure Browser provide top protection against phishing attacks, which is verified in quarterly tests by independent testing organization AV-Comparative.

Click here for the full Avast Q1 2023 Threat Report.

--> -->