Malicious programs or malware are common and dangerous threats in the digital space for both individual users and organizations alike. German IT-Security Institute AV-TEST has recorded over 1 billion malicious programs as of this writing, with over 450,000 new instances of malware being recorded every day. The extraordinarily high volume of threats is forcing vendors to include AI-based detection even in consumer antivirus products.
Malware can carry out a variety of attacks on users’ devices, resulting in theft of sensitive data and money, destruction of files, damage to hardware, the takedown of entire networks and databases, and more.
With nearly 200 million websites active today, according to an August 2022 survey conducted by NetCraft, and more being added daily, the Internet is the primary vector for malware to creep into an organization. Most of the time, it happens without the user or IT even knowing.
Heuristics, behavioral analytics and machine learning help by catching the behaviors that precede or signify an infection rather than matching the file itself. None of them is foolproof, though, and infections still occur even with the best security products and employee training on the market.
Rather than trying to write signatures for millions of malware variants, a race that cannot be won, security solutions should focus on the attack vectors: the paths attackers and their malware follow to break into computer and IT systems. There are effectively unlimited strains of malware, but only a handful of vectors, among them Web browsing, phishing emails, Trojanized downloads and weaponized documents such as PDFs.
Here are some of the most common ways malware can infect your device.
8 Ways Malware Gets on Your Device
Malvertising
The Web is ever-changing and growing, making it one of the most commonly used attack vectors for stealing users’ data. Simply browsing can get malware onto a system: a drive-by download exploits the browser or one of its plugins, so the user never clicks a download or intentionally opens a file. Malvertising is the injection of malicious or malware-laden advertisements into legitimate online advertising networks and Web pages, which puts the attacker’s code on sites the user has every reason to trust.
A particularly dangerous example is ChromeLoader, a browser hijacker that redirects victims to pages full of ads. The malware recently evolved into a more dangerous form: newer variants can drop additional payloads on the victim’s device, including ransomware such as Enigma.
Spear Phishing
Spear phishing is one of the most common email attack vectors. The attacker poses as a colleague or a legitimate organization and tailors the message to a specific target, usually to harvest credentials or confidential, highly sensitive data.
QR codes have become a potent new vector for spear phishing. Embedding a malicious QR code in an otherwise innocuous-looking email gets the link past URL-scanning email filters, because the destination is encoded in an image rather than in text, and it moves the victim onto a personal phone that sits outside corporate Web controls. A 2021 spear phishing campaign spoofed legitimate-looking Microsoft Office 365 notifications and offered a QR code to retrieve missed voicemail messages. Scanning it led to a page that asked for the victim’s login credentials, which were promptly stolen.
Web Trojan Download
A pattern has developed with Chrome extensions, WordPress plugins and the like: software that starts out safe is turned into malware, either through exploitation of its maintainer’s account or through a malicious update. The initial download of the legitimate software is the Trojan horse. Because that first install is benign and often signed, existing security mechanisms have little to flag at install time, and the malicious behavior arrives later through an update that is rarely re-examined.
A recent example was revealed this year by McAfee, which reported that several popular Chrome extensions with a combined 1.4 million users tracked their browsing activity and silently inserted affiliate cookies on e-commerce sites, a scheme known as cookie stuffing. These extensions included Netflix Party and Netflix Party 2, a pair of extensions that let users sync up movies and shows on the popular streaming service to watch together.
Weaponized Documents
PDF and Microsoft Office documents such as Word and PowerPoint files permeate the Web. This is something we rarely notice until a critical vulnerability shows up. Popular browsers like Chrome and Firefox contain built-in viewers for PDFs, which let document viewing blend seamlessly into the native Web experience. But easy document viewing can come at a price: a single click, whether on the Web or in an email, can open a document that is weaponized and laden with malware.
This threat is constantly evolving as well. When Microsoft began blocking macros by default in Office files downloaded from the Internet (files carrying the Mark of the Web), attackers switched to delivering those files inside container formats such as .zip, .rar or .iso. Depending on the tool used to open the container, the extracted document may not inherit the mark, so the macro block never triggers and the malware-laden file is smuggled onto the device.
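The container trick above is a content problem, not a file-extension one, so a mail gateway or endpoint tool has to look inside the archive. The following is an added example, not code from the original article: it walks a .zip attachment, descends into nested archives, and reports any OOXML document that carries a VBA project part. It uses only the Python standard library, so .zip containers are handled and .iso or .rar would need extra tooling; the sample attachment is constructed in the script.

```python
"""Scan an attachment archive for macro-enabled Office documents, including ones
nested inside an inner archive. Added example; the sample data is constructed."""
import io
import zipfile

# An OOXML document (.docm/.xlsm/.pptm) is itself a zip; its VBA code lives in a
# vbaProject.bin part under the word/, xl/ or ppt/ folder.
OFFICE_FOLDERS = ("word/", "xl/", "ppt/")
MACRO_PART = "vbaProject.bin"
MAX_DEPTH = 3                        # stop recursing into archive-in-archive chains
MAX_ENTRY_BYTES = 50 * 1024 * 1024   # refuse to inflate oversized entries (zip bombs)


def office_has_macros(zf):
    """True if an already-opened zip looks like an OOXML file that carries VBA."""
    return any(
        name.startswith(OFFICE_FOLDERS) and name.endswith(MACRO_PART)
        for name in zf.namelist()
    )


def find_macro_documents(blob, path="", depth=0):
    """Return the paths (outer.zip/inner.docm style) of every macro-enabled
    Office document reachable from `blob`, descending into nested zips."""
    findings = []
    if depth > MAX_DEPTH:
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings               # not a zip container at all
    with zf:
        if office_has_macros(zf):
            findings.append(path or "<root>")
            return findings           # this is the document, not a container
        for info in zf.infolist():
            # file_size comes from the header and can lie, but it blocks the naive bomb
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            child = f"{path}/{info.filename}" if path else info.filename
            findings.extend(find_macro_documents(zf.read(info), child, depth + 1))
    return findings


def fake_office_doc(with_macros):
    """Constructed OOXML skeleton for the demo (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as doc:
        doc.writestr("[Content_Types].xml", "<Types/>")
        doc.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            doc.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder")
    return buf.getvalue()


def wrap_in_zip(entries):
    """Build a zip from {name: bytes}; used to construct the sample attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def sample_attachment():
    """Constructed sample: invoice.zip holding a benign .docx, a macro .docm and a
    nested archive that hides a second macro document."""
    inner = wrap_in_zip({"scan.docm": fake_office_doc(True)})
    return wrap_in_zip({
        "report.docx": fake_office_doc(False),
        "invoice.docm": fake_office_doc(True),
        "archive/old.zip": inner,
    })


if __name__ == "__main__":
    for hit in find_macro_documents(sample_attachment()):
        print("macro-enabled document:", hit)
```

Because the check reads the document structure rather than relying on the Mark of the Web, it fires regardless of which archive tool the user would have used to extract the file. Legacy .doc/.xls binaries store macros in OLE streams instead of a vbaProject.bin part and would need a separate parser.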
Fake Websites
A popular way to get malware onto devices is to set up legitimate-looking websites that entice users. This takes a variety of forms, from changing a single letter in a legitimate site’s URL, often called typosquatting, to copying a site’s entire design and layout and adding malicious links.
Earlier this year, scammers impersonated the Ghana Oil Company (GOIL) with a fake website claiming that users were eligible for government fuel subsidies. After filling out a short questionnaire with questions about GOIL and basic personal details such as their age, users were asked to pick a prize box, with three chances to select the box holding their prize. If successful, they were asked to enter their address and share the false promotion via WhatsApp in order to receive the prize, completing the data harvest and spreading the lure to their contacts. GOIL alerted its customers to these scams in an August 2022 Facebook post.
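Typosquats and lookalikes can be caught before a user ever clicks, by triaging hostnames seen in links, proxy logs or certificate-transparency feeds against a watch-list of brand domains. The script below is an added example, not code from the original article; the watch-list entries and the hostnames it classifies are hypothetical. It distinguishes a real subdomain from a homoglyph swap (digits and Cyrillic letters that render like Latin ones, `rn` for `m`), a one-keystroke typo (including a transposition such as `exmaple`), and the brand name buried inside an unrelated domain.

```python
"""Classify a hostname against a watch-list of protected brand domains.
Added example; the watch-list and inputs are hypothetical."""
import unicodedata

WATCHLIST = ("example.com", "goil.com.gh")   # hypothetical protected domains

# Characters attackers swap in because they render like the original. Latin
# digits plus Cyrillic a, e, o, p, c, x, y, i. Digit folding is deliberately
# aggressive; tune it for brand names that legitimately contain digits.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
})


def fold_confusables(host):
    """Lower-case, expand punycode, NFKC-normalise and fold lookalike glyphs."""
    host = host.lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")   # xn--... labels -> Unicode
    except UnicodeError:
        pass                                          # already Unicode, or malformed
    host = unicodedata.normalize("NFKC", host).translate(CONFUSABLES)
    return host.replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Optimal-string-alignment edit distance: insert, delete, substitute and
    adjacent transposition each cost 1, so 'exmaple' is one edit from 'example'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(host, watchlist=WATCHLIST):
    """Return one of: legitimate, homoglyph, typosquat, brand-abuse, unrelated."""
    raw = host.lower().rstrip(".")
    if any(raw == p or raw.endswith("." + p) for p in watchlist):
        return "legitimate"                  # the real domain or a subdomain of it
    folded = fold_confusables(raw)
    for p in watchlist:
        if folded == p or folded.endswith("." + p):
            return "homoglyph"               # equal only after glyph folding
        if osa_distance(folded, p) <= 1:
            return "typosquat"               # one keystroke away
        brand = p.split(".")[0]
        if any(brand in label for label in folded.split(".")):
            return "brand-abuse"             # brand name inside another domain
    return "unrelated"


if __name__ == "__main__":
    # Constructed inputs, not observed domains.
    for h in ["example.com", "exmaple.com", "examp1e.com", "exarnple.com",
              "\u0435xample.com", "example.com.login-verify.net",
              "goil-fuel-subsidy.com", "unrelated.org"]:
        print(f"{h:32} {classify(h)}")
```

The brand-abuse rule is intentionally loose (any label containing the brand string) and is the one that produces noise for short brand names; in practice it is a triage signal to be confirmed against WHOIS age and certificate issuance, not a block decision on its own.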
Fraudulent Mobile Apps
Much like the malicious Chrome extensions and WordPress plugins mentioned above, mobile apps are a dangerous vector for malware. Whether by impersonating popular apps, embedding hidden ads, keylogging or other techniques, fraudulent apps have many ways to infect users’ devices. Such apps are nothing new, but they typically do not make it onto the Google Play Store or the Apple App Store, the two most popular app marketplaces.
An ad fraud campaign known as Scylla, however, managed to get 80 fraudulent apps onto the Google Play Store and 9 onto the Apple App Store, for more than 13 million downloads as of this writing. The campaign was first observed in 2019 and is still ongoing, though HUMAN Security’s Satori Threat Intelligence and Research Team has been working with Google, Apple and other parties to disrupt it.
Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP) lets one computer control another’s desktop over a network. Though developed by Microsoft for Windows, it is widely used and has clients for most popular operating systems, including Linux, macOS, Android and iOS.
Unfortunately, RDP services on older or poorly protected systems are a frequent target: exposed directly to the Internet, guarded by weak or reused passwords without multi-factor authentication, or left unpatched. Once an attacker has an RDP session, they hold an interactive login and can install malware or steal files from the victim’s machine without much trouble.
A growing category of cybercriminal, the Initial Access Broker (IAB), makes money by selling working credentials for RDP and other corporate services such as content management systems and company VPNs. The buyers then use those credentials to deploy ransomware across company devices.
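Both abuses above leave traces in the Windows Security log: password guessing shows up as a burst of failed logons followed by a success, and a purchased credential shows up as a perfectly valid RDP logon from somewhere no administrator should be. The detection below is an added example, not code from the original article. The event IDs and logon type are the real Windows ones (4625 failed logon, 4624 successful logon, LogonType 10 = RemoteInteractive, i.e. RDP); the management network and the event records themselves are constructed for the demo.

```python
"""Flag RDP brute force and RDP logons from outside the management range in
Windows Security events. Added example; sample events are constructed."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

MGMT_NETS = [ipaddress.ip_network("10.0.5.0/24")]   # hypothetical jump-host range
FAIL_THRESHOLD = 5                                  # failures from one source within WINDOW ...
WINDOW = timedelta(minutes=10)                      # ... before a success counts as brute force


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


# Constructed sample events: (time, event_id, logon_type, account, source_ip).
# In a real pipeline these come from EventData: LogonType, TargetUserName, IpAddress.
EVENTS = [
    (ts("2022-09-12 08:00:10"), 4624, 10, "admin",         "10.0.5.12"),     # normal admin RDP
    (ts("2022-09-12 08:01:02"), 4625, 10, "administrator", "203.0.113.7"),
    (ts("2022-09-12 08:01:09"), 4625, 10, "admin",         "203.0.113.7"),
    (ts("2022-09-12 08:01:15"), 4625, 10, "test",          "203.0.113.7"),
    (ts("2022-09-12 08:01:21"), 4625, 10, "backup",        "203.0.113.7"),
    (ts("2022-09-12 08:01:30"), 4625, 10, "jsmith",        "203.0.113.7"),
    (ts("2022-09-12 08:01:37"), 4625, 10, "jsmith",        "203.0.113.7"),
    (ts("2022-09-12 08:02:05"), 4624, 10, "jsmith",        "203.0.113.7"),   # guessed it
    (ts("2022-09-12 08:15:00"), 4625, 3,  "svc_sql",       "203.0.113.7"),   # network logon, not RDP
    (ts("2022-09-12 09:30:44"), 4624, 10, "svc_backup",    "198.51.100.4"),  # valid creds, wrong place
]


def in_mgmt_range(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def detect_rdp_abuse(events):
    """Return a list of finding dicts, in time order."""
    findings = []
    failures = defaultdict(list)      # source ip -> timestamps of failed RDP logons
    for when, event_id, logon_type, account, src in sorted(events, key=lambda e: e[0]):
        if logon_type != 10:          # only RemoteInteractive (RDP) logons matter here
            continue
        if event_id == 4625:
            failures[src].append(when)
            continue
        if event_id != 4624:
            continue
        recent = [t for t in failures[src] if when - t <= WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            findings.append({"rule": "rdp-bruteforce-then-success", "ip": src,
                             "account": account, "failures": len(recent)})
        if not in_mgmt_range(src):
            findings.append({"rule": "rdp-logon-outside-mgmt-range", "ip": src,
                             "account": account, "failures": len(recent)})
    return findings


if __name__ == "__main__":
    for f in detect_rdp_abuse(EVENTS):
        print(f"{f['rule']:32} {f['ip']:15} {f['account']:12} prior failures={f['failures']}")
```

The second rule is the one that catches an Initial Access Broker’s customer: no failures precede the logon because the password was bought, so only the source address gives it away. The fix on the prevention side is the obvious one: keep 3389 off the Internet, require Network Level Authentication and multi-factor authentication, and reach RDP only through a VPN or gateway.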
Removable Media
Finally, removable media such as USB flash drives remain a viable vector for malware. Remote methods like spear phishing are more common, but there is real danger whenever a user plugs an unknown drive into a machine. Beyond malicious files stored on the drive, a device can present itself to the operating system as a keyboard and type commands on its own, delivering keyloggers or other malware without the user opening any file.
Not plugging unknown drives into a device is part of preventing this kind of attack, but a USB infection takes only seconds, so a briefly unattended device is also exposed if an attacker is opportunistic enough. When leaving a device unattended in a public space for any reason, lock the screen at a minimum and, where possible, disable the USB ports until you return.
Users working in public spaces should also be wary of public USB chargers found in libraries, cafés or airports, which attackers can rig to steal data or infect devices through the same data lines that carry the charge, a practice known as “juice jacking.” Carrying your own charger for a wall outlet, or using a charge-only cable or USB data blocker, removes the data path entirely.
Shut Down Attack Vectors
Data breaches and malware attacks cost enterprises millions of dollars each year, and that figure is not going to fall any time soon. Detection mechanisms look for a finite set of malware patterns, but the number of variants is effectively unbounded and impossible to track exhaustively.
Despite the growing sophistication of the malware, the infection vectors stay constant. Nearly every breach starts with the same handful of vectors, and the two largest buckets are Web and email; what differs is what the malware does after it gets in. If we are to begin to truly combat malware, we need to start by securing the attack vectors.
NOTE: This article was originally written in April 2016 by Kowsik Guruswamy and updated by Zephin Livingston in September 2022