7 ways malware can get into
your device
You know that malware is bad, but are you also
aware of the various common ways in which it can infiltrate your devices?
Malware has been one of the most common threats that netizens face daily. However, although you have heard about the various types of malware you can encounter, chances are you don’t know how these malicious programs are able to infest your devices.
While knowing what types of
threats exist is the first step towards protecting yourself and your devices,
the next and arguably more important step is to know how threat actors try to
sneak these malicious pieces of code into your computers, smartphones, and
tablets. To help you combat these threats, we look at some of the most common
methods and tactics used to tricking netizens into downloading malware and
compromising their data and security.
Phishing and
malspam emails
Usually the main objective
of phishing emails is to wheedle sensitive information out of you such as your
access credentials to various services, your card verification code (last three
digits on the backside of your payment card), PIN code, or other personally
identifiable information (PII). But by masquerading as mail from a trusted
institution, they may contain attachments or links that will lead to your
device getting infested with malware.
Therefore, it’s always
prudent to not just skim over your emails but read
them thoroughly. More often
than not you’ll notice dead giveaways that you’re dealing with a scam. Telltale
signs usually include spelling mistakes, evoking a sense of urgency, requesting
personal information, or the email originating from a suspicious domain.
Fraudulent
websites
To trick victims into
downloading malicious apps, cybercriminals like to spoof
websites of famous brands or
organizations. The scammers create fraudulent webpages impersonating the real
deal, with the domain name resembling the domain of the organization being
spoofed as closely as possible, with some subtle differences here and there,
such as adding a letter or symbol or even a whole word. The websites will be
malware-laced and will try to dupe the target into clicking on links that will
download malware into their devices.
To avoid getting your
device infested with malware by visiting one of these websites, always search
for the official domain by typing it into a search engine or by typing it
manually into the address bar. It bears repeating that a proper security
solution will also protect you from most threats and will also block you from
accessing known malicious websites.
USB flash
drives
External storage devices
are a popular form of storing and transferring files; however, they do carry a
number of risks. For example, threat actors like to use the “lost” flash-drive
social engineering strategy, to dupe unwitting good Samaritans into plugging
a compromised thumb drive into
their computers. Once an afflicted drive is plugged in and opened your device
can get infested with a keylogger or ransomware.
Alternatively, if you
aren’t careful about how
you handle your flash drive, your
computer may get infested by cross-contamination. To mitigate the chances of
contaminating your PC you should use a reputable and up-to-date endpoint
security solution that will scan any external media plugged into your device
and warn you if it contains anything suspicious.
P2P sharing
and torrents
While over the years
peer-to-peer sharing and torrents have gained a reputation for being a place to
illegally download software, games, and media, they have been used by
developers as an easy way to disseminate their open-source software or
musicians to spread their songs. However, they are also infamous for being
abused by black hats who
inject the shared files with malicious code. Most recently, ESET researchers uncovered cybercriminals misusing the
BitTorrent protocol and Tor network to spread KryptoCibule, a multitasking multicurrency cryptostealer.
To minimize the risk of
being compromised, you should use
a reputable Virtual Private Network (VPN) to encrypt your traffic and keep it safe from prying eyes.
You should also use an up-to-date security solution that can protect you from
most threats including viruses or malware that may be a part of the files
you’re trying to torrent.
Compromised
software
Although it may not happen
often, software being directly compromised by threat actors isn’t a rare
occurrence. One prominent example of an application’s security being
compromised was the case of CCleaner. In these attacks, the black hats inject the
malware directly into the application, which is then used to spread the malware
when unsuspecting users download the app.
Since CCleaner is a trusted
application, it wouldn’t have occurred to a user to overly scrutinize it.
However, you should be careful when downloading any type of software – even
the one you trust. You also can’t go wrong by using a reputable security
solution and don’t forget to patch and update your apps regularly, security
patches usually deal with any vulnerabilities or loopholes found in the
affected apps.
Adware
Some websites are riddled
with various ads that pop up whenever you click on any section of the webpage
or can even appear immediately whenever you access certain websites. While the
aim of these ads is generally to generate revenue for these sites, sometimes
they are laced with various types of malware and by clicking on these ads or
adware, you may involuntarily download it onto your device. Some ads even use
scare tactics telling users that their devices have been compromised and only
the solution offered in the ad can clean up the compromise; however, that is
almost never the case.
A sizeable amount of the
adware can be avoided by using trusted ad-blocking extensions on your browser,
which will, as the name suggests, block ads from appearing on the website
you’re visiting. Another thing you can do is avoid suspicious websites that use
such advertisements altogether.
Fake apps
The last item on this list
deals with fake mobile applications. These apps usually masquerade as the real
thing and try to dupe users onto downloading them into the victims’ devices,
thereby compromising the devices. They can take on the guise of anything,
posing as fitness-tracking
tools, cryptocurrency
apps, or even COVID-19
tracing apps. However, in
reality, instead of receiving the advertised services, the devices will get
infested with various flavors of malware such as ransomware, spyware, or
keyloggers.
To avoid downloading any
malicious apps onto your devices, you should stick with applications offered by
trusted developers with a verifiable track record and reviews. Also keeping
your devices patched and up-to-date can help you stay protected from various
threats that would try to exploit the vulnerabilities that may be present in
older versions of apps and operating systems.
Conclusion
While the list of strategies used by cybercriminals to target unsuspecting citizens is long and it may get longer (black hats keep coming up with new malicious tactics, after all), there are ways you can keep your data secure and your devices protected. These threats can be countered by adhering to cybersecurity best practices, which include using reputable security solutions and keeping your systems patched and up to date.