The icon of these programs is a critical feature used to convince victims that these programs are legitimate.
This is a common technique by which attackers use legitimate domains for malware distribution.
Some of the top exploited domains are discordapp[.
]com, squarespace[.
]com, amazonaws[.
]com, mediafire[.
]com, and qq[.]com.
Also, more than 99% of these signed files were Windows Portable Executable or DLL files.
source: www.techworm.net
