Google Site Meant To Protect Users Being Used By Hackers For Their Attacks

Google's VirusTotal site was originally designed to test if files and software codes contain any malicious bugs. But now, cyber attackers are using the same site to hone the effectiveness of their hacking codes, Wired reported.

VirusTotal was first developed in 2004 by Spain's Hispasec Sistemas. It was later on acquired by Google in 2012. The site works by scanning uploaded files for any malicious content.

Before releasing new software, large companies such as Microsoft and Google turn to VirusTotal to make sure the codes perform their intended functions and they're glitch-free.

Hackers do the same by, for example, using the site to make sure that their codes will be undetected by their potential victim's antivirus software.

This revelation was made by security researcher Brandon Dixon. After years of monitoring the activities on the site, Dixon was able to confirm that two well-known hacker groups use VirusTotal before launching their cyber attacks, according to Engadget.

Based on his findings, the hacker group Comment Crew, commonly known as APT1 by other security researchers, extensively use VirusTotal.

Comment Crew is sponsored by China's government and is closely tied to its military force, the New York Times reported. The group is responsible for hacking into the networks of companies from other countries such as Coca-Cola to steal terabytes of data.

The most recent activity of the group involves attacking Telvent, a U.S.-based company that monitors the software used in oil and gas pipelines, water systems and the country's electrical power grid.

The second group Dixon spotted is NetTraveler. Like Comment Crew, the security researcher believes NetTravel is based in China. The group focuses on attacking various government, diplomatic and military institutions.

In Dixon's investigations, he noticed that the hackers are not aware that their activities on VirusTotal are being monitored. However, Comment Crew began to use different IP addresses for each file submission. This suggests that the group might have detected that someone is tracking their online behavior.

Dixon hopes that his revelation about the link between hackers and VirusTotal will help tech companies develop better security measures to protect their networks.