It is widely known that with regard to cybersecurity, a user is often identified as the weakest link. This means that they become typical entry vectors for attacks and common social-engineering targets for hackers. Enterprises can also suffer from these individual weak links. Employees are sometimes unaware of online threats, or are unfamiliar with cybersecurity best practices, and attackers know exactly how to take advantage of this gap in security.
One way that attackers trick users is by luring them with unauthorized apps or installers carrying malicious payloads. We recently spotted some of these fake installers being used to deliver bundles of malware onto victims’ devices. These fake installers are not a new technique used by attackers; in fact, they are old and widely used lures that trick users into opening malicious documents or installing unwanted applications. Some users fall into this trap when they search the internet for free or cracked versions of paid applications.
Source: Trend Micro