Malicious software

Malicious or harmful software (malware) is a general term that covers any type of computer software with malicious intent. Most online threats are a form of malware.

All about malware

Do you know how the medical community campaigns every year to encourage influenza vaccination? That is because flu outbreaks usually begin to spread and infect people at a certain time of the year. For PCs, smartphones, tablets and corporate networks, however, there are no predictable seasonal infections. It is always high season for them. And instead of chills and body aches, users come down with a kind of machine disease called malware.

Malware infections hit us like a jet of water from a fire hose, each with its own attack methods – from sneaky to "subtle" like a sledgehammer. But if knowledge is power, then as a preventive vaccination against infection we offer a short course on malware here: what it is, what its symptoms are, how to detect it, how to deal with it, and how to avoid it in the future.

What is malware?

Malicious software (malware) is a broad term covering pieces of code and programs that harm systems.

Hostile, invasive, and deliberately annoying, malware aims to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by partially taking control of the device's operation. Like the human flu, it interferes with normal functioning.

Malicious software is designed to make money illegally. While malware cannot physically damage your system hardware or network hardware (with one known exception – see the Google Android section below), it can steal, encrypt, or delete data, alter or hijack basic computer functions, and spy on your computer activities without your knowledge or permission.

How can I check if I have malware?

The presence of malware can manifest itself in many different ways. Here are some warning signs that you may have malware on your system:

The computer runs slower.
Malware most often causes the operating system to run slowly, whether you are navigating the Internet or running local applications.

Lots of annoying ads that should not be there appear on your screen. Unexpected pop-up ads are a common symptom of malware infection. They are usually associated with a type of malware known as adware. Unfortunately, pop-ups usually come bundled with other hidden malware that carries further threats. So if you see something like "CONGRATULATIONS! YOU WON A FREE VISIT TO THE GHOST!", don't click on it. No matter what free reward the ad promises, it will cost you dearly.

Your system frequently crashes, freezes, or displays the Blue Screen of Death (BSOD), which can occur on Windows systems after a fatal error.

You have noticed a mysterious loss of disk space, most likely due to a bloated intruder: malware hiding on your hard drive.

There is a strange spike in internet activity on your system.

System resource usage is abnormally high and your PC fan starts to run at full speed, a sign that malware activity is eating up system resources in the background.

The browser start page has changed without your permission. Links you click also send you to places other than the ones you expect. Usually, this means you clicked on one of those "congratulations" boxes and downloaded unwanted software. The browser may also be very slow.

Toolbars, extensions, or plug-ins appear unexpectedly in the browser.

The antivirus program stops working and cannot be updated, leaving the system unprotected against the sneaky malware that disabled it.

Then there is the painfully obvious, intentionally unconcealed malware attack. This is how ransomware famously behaves: it announces that it is installed, informs you that it has your data, and demands a ransom to return your files.

Even if everything seems to be working fine on your system, don't be complacent, because no news isn't necessarily good news.
Powerful malware can hide deep inside your computer and go about its destructive business without fanfare: it breaks passwords, steals confidential files, or uses your computer to spread to other computers.

How can you infect your device with malware?

The recipe for a malware infection contains a long list of ingredients. At the top of the list are the two most common ways malware can infiltrate your system – the Internet and e-mail. You are basically always connected to the Internet.

Malware can infiltrate your computer when (now take a deep breath) you surf hijacked websites, click on game demos, download infected audio files, install new toolbars from an unknown vendor, install and configure software from an unknown source, open a malicious email attachment, or do anything else that involves downloading files from the Internet to a device that is insufficiently protected against malware.

Malicious apps hide in seemingly legitimate software, especially when you download them from websites or news instead of the app store. It is important to pay attention to warnings when installing an application, especially if the application asks for permission to access your email or other personal data.

Remember to use only trusted sources of mobile applications, install only applications from reputable companies, and always download them directly from the provider, not from random sites. All in all, there is a whole world of villains out there throwing tainted bait at you with offers of an internet speedup, a new download manager, a hard drive cleaner, or an alternative internet search service.

Malware attacks would fail without the most important ingredient: you. That is, without a gullible version of you willing to open an unknown email attachment or to click and install something from an untrustworthy source.
And do not dismiss this as "stupid clicking", because even very experienced people have been tricked into installing malicious software.

Even if you are installing something from a reliable source, you may end up with software you do not want if you ignore the permission request to install other bundled software at the same time. Such additional software is often presented as essential although it is not.

Another cause of trouble is the social engineering that Malwarebytes experts have observed in the UK. The scam hit mobile phone users who were using the common mobile direct-to-bill payment option. Users visited websites on mobile devices and unknowingly touched invisible buttons that charged the victims' bills by using their mobile phone numbers.

To be fair, we should also consider a no-fault malware infection scenario. It is possible that merely visiting a malicious website and displaying a page and/or banner ad will download malicious software.

On the other hand, if you don't run the right security program, the malware infection and its aftermath will continue to plague you.

What kind of malware is the most common?

Here is a gallery of the most common offenders in the "malware" category:

Adware is unwanted software that displays advertisements on your screen, most often in the browser window. Typically, these programs use various methods to impersonate or piggyback on desired applications to trick us into installing them on our computer, tablet or mobile device.

Spyware is malicious software that secretly observes the activities of a computer user without their consent and reports them to the software author.

A virus is malware that attaches itself to another program and, when run – usually accidentally – replicates itself, modifying other computer programs and infecting them with its own bits of code.

Worms are virus-like malware that replicates itself and infects other computers over the network.
They usually cause damage by destroying data and files.

A Trojan or Trojan horse is one of the most dangerous types of malware. It usually impersonates something useful to trick you. Once it is running on the system, the attackers behind the Trojan horse gain unauthorized access to the victim machine. A Trojan horse can then be used to steal financial information or install threats such as viruses and ransomware.

Ransomware is malware that locks your device and/or encrypts your files and then forces you to pay a ransom to get them back. Ransomware is sometimes referred to as the cybercriminal's weapon because it demands a quick, lucrative payment in hard-to-track cryptocurrency. Ransomware code is easy to get hold of in online criminal markets and is very difficult to defend against.

A rootkit is a type of malware that gives an attacker administrator rights on an infected system. It is usually invisible to the user, to other software and even to the operating system.

A keylogger is malware that records all of the user's keystrokes, typically stores the collected information, and sends it to the attacker, who looks for sensitive information such as usernames, passwords, and credit card details.

Malicious cryptomining, sometimes referred to as drive-by mining or cryptojacking, is an increasingly widespread type of malware usually installed by a Trojan horse. It allows an attacker to use your computer to mine cryptocurrencies such as bitcoin or monero. Then, instead of putting the money in your account, the cryptominer sends the collected coins to its own accounts. Basically, the malicious cryptominer steals your resources to earn money.

Exploits are a type of malware that uses bugs and weaknesses in a system to let the exploit's author take control. Like other threats, exploits are linked to malicious advertising, which attacks through a legitimate site that unknowingly pulls in malicious content from a bad site.
The malicious content then tries to install itself on your computer in a drive-by download attack. No clicks are needed. All you have to do is visit a good site on the wrong day.

What is the history of malware?

Given the variety of malware types and the enormous number of variants released on the Internet every day, a complete malware history would be too long a list to include here. A look at malware trends in recent decades, however, is more manageable. These are the main stages in malware development.

The 1980s and onward: The theoretical basis for "self-replicating automatons" (i.e., viruses) can be traced back to an article published in 1949, and early viruses appeared in the 1970s on computer platforms that preceded personal computers. However, the history of modern viruses begins with a program called Elk Cloner, which infected Apple II systems in 1982. Spread by infected floppy disks, the virus itself was harmless, but it spread to all attached disks, propagating so vigorously that it can be considered the first large-scale computer virus outbreak in history. Keep in mind that this was before there was any malware for Windows PCs. Since then, viruses and worms have become commonplace.

1990s: At the beginning of the decade, the Microsoft Windows platform, along with flexible application macros, prompted malware authors to write infectious code in the macro language of Microsoft Word and other programs. These macros infected documents and templates, not executable programs, although strictly speaking, Word document macros are a form of executable code.

2002–2007: IM worms – self-replicating malicious code spreading on instant messaging networks – exploit network vulnerabilities and spread on a massive scale, infecting the AOL AIM network, MSN Messenger and Yahoo Messenger, as well as corporate IM systems.
2005–2009: Adware attacks spread by presenting unwanted advertisements on computer screens, sometimes in the form of pop-ups or in a window that users were unable to close. These ads often used legitimate software as a means of spreading, but around 2008, software publishers began suing ad companies for fraud. The result was millions of dollars in fines. This eventually led to advertising companies closing.

2007–2009: Malware scammers moved to social networks such as MySpace as a channel to deliver unauthorized ads, redirects, and offers of fake antivirus and security tools. Their tricks were designed to deceive consumers through social engineering. After MySpace declined in popularity, Facebook and Twitter became the preferred platforms. A common tactic was to present fake links to phishing websites and promote applications with malicious extensions on Facebook. As this trend began to fade away, scammers began looking for other ways to steal.

2013: A new form of malware called ransomware launched an attack known as CryptoLocker, which lasted from early September 2013 to late May 2014, targeting Windows computers. In the last quarter of 2013, CryptoLocker managed to force victims to pay approximately $27 million. In addition, the success of this ransomware spawned new varieties of ransomware. One such program managed to collect $18 million from over 1,000 victims between April 2014 and June 2015.

2013–2017: Delivered via Trojans, exploits, and malicious ads, ransomware became the king of malware, culminating in massive outbreaks in 2017 that hit all types of businesses. Ransomware encrypts the victim's data and then demands payment for releasing it.

From 2017 to today: Cryptocurrency – and how it is mined – has received widespread attention, leading to a new malicious scam called cryptojacking, the stealthy use of someone else's device to mine cryptocurrency with the victim's resources.

Is there malware on Macs?
Folk wisdom has it that Macs and iPads are immune to virus infections (and don't need antivirus software). This is true in most cases. At least, nothing like this has happened in a long time.

Other types of malware are a different story entirely. Mac systems are vulnerable to the same threats (and subsequent infection symptoms) as Windows computers and cannot be considered bulletproof. For example, your Mac's built-in malware protection doesn't block all the adware and spyware bundled with fake downloadable apps. Trojans and keyloggers are also a threat. Ransomware written specifically for Mac computers was first detected in March 2016, when an attack by a Trojan horse program affected more than 7,000 Mac users.

In fact, in 2017, Malwarebytes detected more Mac malware than ever before. By the end of 2017, the number of new, unique threats that our specialists detected on the Mac platform was over 270% higher than the number recorded in 2016.

Does malware exist on mobile devices?

Malware writers love the mobile market. After all, smartphones are sophisticated, complex handheld computers. They give access to a vault of personal data, financial details and all kinds of data valuable to those who want to make money dishonestly.

Hence the rapidly growing number of malicious attempts to exploit smartphone vulnerabilities. Using adware, Trojans, spyware, worms, and ransomware, malware can find its way into your phone in many ways. By clicking on a suspicious link or downloading an untrustworthy application, you make it easier for criminals to act, but the device can also be infected by e-mail, texts, and even a Bluetooth connection. Additionally, malware such as worms can spread from one infected phone to another.

It's actually a huge market (read: target of attacks).
One statistics site puts the number of mobile device users at 2.1 billion worldwide – with an expected increase to 2.5 billion users by 2019. A quarter of these users have more than one device. Fraudsters find the mobile market very attractive and take advantage of its gigantic economy of scale.

Besides, mobile device users are usually an easy target. Most of them don't protect their phones as carefully as their computers, don't install anti-virus programs, and don't keep their operating system up to date. As a result, they are susceptible even to primitive malware. Since the screens of mobile devices are small and users cannot easily see what is going on, the typical warning signs of an infection on a PC may not be visible on a phone, where the activity can run in stealth mode, as spyware does.

Infected mobile devices pose a particularly high threat compared to a PC. A hijacked microphone and camera can track your every move and conversation. Worse yet, mobile banking malware intercepts incoming calls and text messages to get around the two-step authentication security that many banking apps use.

Be aware that cheap phones may come pre-installed with malware that is almost impossible to clean. (Malwarebytes for Android will warn of such pre-installed malware and provide removal instructions.)

When it comes to the mobile malware ecosystem, the two most widespread smartphone operating systems are Google's Android and Apple's iOS. Android is the market leader with 80% of smartphone sales, followed by iOS with 15% of all smartphones sold. It's no surprise that the more popular Android platform attracts more malware than the iPhone. Let's compare both systems.

How can I check if malware is on my Android device?

Fortunately, there are some unmistakable warning signs that your Android phone is infected.
The following items indicate that your device may be infected:

Sudden appearance of pop-ups with aggressive advertisements. If they appear out of nowhere and link to dubious websites, you have probably installed something that hides adware. Don't click on the ads.

A puzzling increase in data usage. Malware eats into your data plan by displaying advertisements and sending out information from your phone.

False charges on your bill. They appear when malware connects to premium numbers and sends texts.

Battery drains too quickly. Malware consumes resources and drains your battery faster.

People on your contact list report strange calls and texts from your phone. Malware replicates itself by traveling from one device to another via emails and texts that invite the recipient to click an infected link.

The phone heats up and performance drops. For example, a Trojan horse attacking Android phones has been detected that is so nasty it can put enough load on the CPU to overheat the phone and damage the battery, ending the life of the Android phone.

Surprise applications on your screen. Sometimes you download applications that have malware attached, which can install itself in the background. This is because Android allows users to go straight from Google Play to other stores, such as Amazon, where malware may be present.

The phone turns on Wi-Fi and internet connections by itself. This is another way malware spreads, ignoring user preferences and opening up new infection channels.

Below we explain what to do if your Android device becomes infected. Additionally, there is an article on the Malwarebytes blog about keeping your privacy safe on Android.

How can I check if malware is on my iPhone or iPad?

If your smartphone's name starts with a lowercase "i", then you can rest easy, as malware is not a major concern for iPhone users. That doesn't mean it doesn't exist, but it is extremely rare.
In fact, malware infection on an iPhone mostly happens only under two extraordinary circumstances.

The first is a deliberate attack by a nation-state adversary – a government that has created or purchased, for millions of dollars, malware designed to exploit an iOS security vulnerability. That is no wonder, since every device is vulnerable in some way. Apple has certainly done a good job of securing iOS, including preventing other apps (even security software) from scanning your phone or system contents. That is why it is so expensive to create malware that will install its code on these devices and perform the actions that a hostile state needs.

One particularly notable case occurred in 2016, when an internationally recognized human rights defender from the United Arab Emirates received text messages on his iPhone promising to reveal "new secrets" about people held and tortured in UAE prisons. The recipient was asked to click a link in the message. He did not, but sent the message to cybersecurity specialists, who found an application in the link that was supposed to turn the activist's phone into a spy device.

The second case is when a user exposes their iPhone to danger through jailbreaking, a process that removes the restrictions and lockouts imposed by Apple, chiefly the requirement that apps be installed exclusively from the App Store. Apple carefully vets the developers of the applications it carries, but it has happened that malicious code was attached to legitimate apps.

One more note. While it's unlikely that your iPhone will get malware, simply owning one does not protect you from fraudulent calls and messages. If you tap a link in a message from an unknown source (or from someone pretending to be a person you know), it may direct you to a page that asks for your login and personal information.
All in all, there are many ways you can become a victim. Always be prudent.

Who is the target of malware attacks?

The answer is: almost everyone. Consumers currently use billions of devices. These are tied to banks, online store accounts, and anything else worth stealing. They are natural targets for adware, spyware, keyloggers, and malicious advertising – as well as an attractive way for lazy criminals to create and distribute malware to as many targets as possible with relatively little effort.

Criminals creating ransomware and cryptojacking code do not seem to be picky about their targets. Their victims are individuals as well as enterprises, hospitals, municipalities and retail store systems.

But consumers are not the only targets of spyware for mobile devices. If you use a smartphone or tablet in the workplace, hackers can attack your employer through vulnerabilities in mobile devices. In addition, your company's incident response team may not detect breaches that originate from a mobile device using a corporate email account.

As we mentioned, not all apps available on the App Store and Google Play are desirable, and the problem is even more acute with other app stores. App store operators try to prevent malicious apps from getting into their stores, but some always manage to bypass security. These applications can steal users' data, extort money from them, attempt to gain access to the corporate networks to which the device is connected, and force users to watch unwanted advertisements or do other insecure things.

How can I remove malware?

If you suspect a malware infection or just want to be careful, there are a few steps you need to take.

First, if you don't already have one, download a legitimate anti-malware program such as Malwarebytes for Windows, Malwarebytes for Mac, Malwarebytes for Android, or one of our enterprise products.
Then install it and run a scan. Programs like these are designed to search for and eliminate malware on your device.

After your device has been cleaned, it's a good idea to change your passwords, not only for your computer and mobile device, but also for your email account, social media accounts, favorite stores, banking sites, and online billing centers.

If your iPhone has been infected with something nasty, the problem is more complicated. Apple does not allow scans of the iPhone's system files or any other files on the device. The only solution is to factory reset your phone and recover all files from a backup (you have one, right?). You can also consider using security software that screens and blocks unwanted calls and text messages, such as Malwarebytes for iOS (coming soon).

How can I protect myself against malware?

Stay alert. Be especially careful if you see a domain name that ends with a strange set of letters (i.e., something other than com, org, edu, or biz, to name a few), as this may indicate that visiting the site is risky.

On all devices, pay close attention to the early signs of a malware infection so that it does not get the chance to hide itself effectively.

Avoid clicking on pop-up ads while browsing the Internet. Never open unexpected email attachments or download software from unreliable websites or peer-to-peer file transfer networks.

Make sure your operating system, browsers, and plugins are always up to date. Properly secured software should keep internet criminals at bay.

Mobile device users should download applications only from the Google Play Store (the App Store is the only option for iPhone users). Every time you want to download an app, check the ratings and reviews first. If it has a low rating and few downloads, it's best to steer clear of it.

Do not download applications from other sources.
The best way to make sure that this does not happen is to turn off the corresponding feature on Android. Go to the Android settings and open the security section. Make sure unknown sources are disabled to prevent installation of applications from sites other than the Play Store.

Don't click on strange, unverified links in emails, texts, and WhatsApp messages of unknown origin. You should also avoid strange links from friends and other contacts unless you know they are safe.

Organizations can keep malware from infecting their networks by creating a robust security policy for mobile devices and deploying mobile security solutions that help enforce it. This is extremely important in today's business environment, which consists of many operating systems working in various environments.

Finally, get a good anti-malware program. It should provide multi-layered protection (the ability to search for and detect malware such as adware and spyware while maintaining proactive real-time protection capable of blocking threats such as ransomware). Your security program should also provide a means to reverse any changes the malware made to the system so that everything returns to normal.