Malicious Software (Malware)

What is Malware?

Malware is the most common type of cyber threat in 2023. Combine the first part of malicious with the last part of the software, and you have the name. But what is malware? Put simply, it is any software that does something to your detriment and to the benefit of the cybercriminals.

Advertisements

There are many types of malware. The term covers everything from viruses to ransomware and from worms to cryptojackers. Each type of malware has many variants, and some malware even exhibits characteristics of more than one type, making categorization troublesome. Features they all share, however, are they are intrusive, hostile, increasingly sophisticated, and costly to the victim.

Financial gain is the driving force behind most malware. There’s great variety in the ways the illegal profits are gathered. Ransomware is straightforward extortion. 

Cryptojackers use your computer to covertly mine cryptocurrency and earn financial rewards for their efforts. Malware can steal your data. It can eavesdrop on e-commerce transactions and steal customers’ credit card details. 

It can spy on your computer activity and send all of your keystrokes to the perpetrators or “threat actors.” This reveals authentication credentials for any system you’ve logged into.

Rarely political or social activists (“hacktivists”) mount a malware infection that isn’t motivated by money. Hacktivists target organizations that hold opposing political views or that exhibit (in their view) poor ethical judgment, environmentally harmful practices, or a bad human rights record.

The term malware also includes code that can infect your internet browser. It might capture keystrokes. It might force-feed you with adverts. It may try to coerce you into clicking a link or visiting a website so that you become infected with their end-game malware, the one they try to make money from.

Can macs get viruses? Malware isn’t restricted to the Windows world. Apple Macs and Google Chromebooks are not immune to malware. Anything with a browser can catch malware, and Apple-specific malware grew by 270% in 2017. That’s the fastest-growing area of malware.

There are two reasons Apple computers have caught the attention of the malware authors. 

  1. One is there are now sufficient quantities of Apple computers being used in business to justify the effort. 
  2. The second reason is almost all Mac users believe they don’t need anti-virus or anti-malware end-point protection. They still believe in the fictional Apple immunity. There’s nothing a threat actor likes more than an unprotected target and easy pickings – or people who don’t practice proper cyber security hygiene.

And don’t forget mobile devices such as tablets and cell phones. These can become infected just as easily. There are billions of mobile devices in the world, and that’s too big a target for the threat actors to ignore.

Common Types of Malware

Common Types of Malware

Adware

Adware displays fraudulent adverts on your computer. Very rarely, these may appear on your desktop, but most adware runs inside your browser. Adware has been around for many years and started off as just that – annoying, intrusive adverts. Nowadays, adware is a ruse designed to provoke you into performing another action, such as clicking a link or installing a bogus malware cleaner.

Spyware

Spyware does not announce itself. It runs in the background, watching your activity and recording keystrokes. This information is relayed back to the threat actor. They can review the information sent to them and try to discover industrial secrets or log-in credentials to other systems.

Viruses

A virus is a malware with a particular distribution and replication technique. A virus will attach itself to another, usually bona fide, program. When that program is executed by the user, the virus replicates itself by attaching duplicates of itself to other applications within the computer.

Worms

Worms are similar to viruses, but worms can replicate across networks and from computer to computer. They are usually destructive and intentionally damage data files.

Trojans

A Trojan horse, often called just a Trojan, is another distribution method for malware. It masquerades as a genuine program but carries a dangerous payload. This is why downloading software from untrustworthy sites is so risky. 

Popular or expensive software applications or entertainment media are made available for download by the threat actors. They upload it to pirate sites because they know it will be downloaded many times. The hidden malicious payload might be a keystroke recorder or a ransomware installer, or it might give the threat actors remote control of your computer.

Ransomware

Ransomware encrypts the files on your computers and servers so that you cannot access your data, documents, and email. You are forced to pay a ransom in cryptocurrency in exchange for the decryption of your data. 

Ransomware “kits” are available on the Dark Web at low cost, placing this type of attack even within the grasp of unskilled threat actors. You can even find ransomware-as-a-service providers on the Dark Web who will conduct ransomware campaigns on your behalf. They take a cut of the profits, so there are no up-front costs for the would-be cybercriminal to get into the ransomware game.

Cybercriminals like ransomware because these attacks are profitable and, surprisingly, often uninvestigated. Many victims quietly pay the ransom rather than go public and involve the police. They’d prefer to pay the ransom and avoid the reputational damage associated with being a victim of cybercrime and branded insecure.

Rootkits

A rootkit usually provides the threat actor with remote administrator privileges on your computer. Rootkits are sophisticated and are often able to resist disinfection by all but the most proficient anti-virus packages.

Keyloggers

A keylogger captures every keystroke entered on the infected machine and sends them in batches to the threat actors. Sensitive information like authentication credentials, industrial secrets, corporate intellectual property, credit card details, and anything else that the threat actors can monetize is extracted from the data. It is either used by the threat actors or sold on the Dark Web.

Cryptojackers

Cryptojacking is a huge problem. Ransomware and cryptojacking vie for the number one and two spots of most common malware. Cryptojacking is the illicit use of your hardware to perform cryptomining. Cryptocurrencies like Bitcoin record the details of financial transactions in encrypted blocks of data. The blocks are appended to a list of blocks called the blockchain.

It is very computationally expensive to perform the calculations required to create the blocks. Anyone can devote some of their PC processing power to assist in the calculations. If the output of your calculations (called a hash) is used to finalize the addition of a block, you are rewarded with a fractional amount of the cryptocurrency. 

This is called cryptomining. If enough of your hashes are used by the blockchain, your tiny rewards start to mount up to meaningful figures of “free” money. This is legal, and open to anyone who has any of that cryptocurrency.

The illegal part is that cryptojackers mine cryptocurrency using other people’s computers. The more devices that are infected, the bigger the pool of resources that they have working for them. It effectively creates a tremendously powerful computing platform out of the army of infected devices, all working in unison without their owners’ knowledge or permission. 

Of course, the owners of those computers are paying for the price of the mining and suffering the degraded performance of their hardware.

How to Tell If You’re Infected With Malware

Signs of Malware Infection Description
Loss of Speed If you notice a sudden degradation in performance, question it. It might not be malign, but get it checked out. Something has changed, so find out why. 

It’s tempting to soldier on and tell yourself you’re too busy to have IT come and mess about with your computer and that you’ll raise the issue after you’ve finished this important report. Don’t take that approach. Report it as soon as you notice a deviation from the norm.

Pop-up Adverts You’re suddenly plagued by pop-up adverts. This is a typical indication that you have been infected by adware. Clicking on an advert, link, or even a message saying “opt-out of these adverts” is likely to infect you with something much worse.
Crashes and Freezes Your computer crashes, lock-ups for short periods, or freezes completely. These incidents may be the intended action of the malware, or it might mean the malware has bugs in it. Malware is software, and software is prone to bugs. Even poorly written malware can be disruptive, costing you time, data, and money.
Low Hard Drive Space Your hard drive space is being used up, and you don’t know why. You may have a digital squatter residing on your hard drive. Perhaps it is stockpiling data and keystrokes prior to dispatching them to the threat actors.
Unusual Internet Activity Your internet activity increases. This might be due to the malware sending its findings back to a command and control server and receiving instructions from the server. It might be because your computer is siphoning company data to the threat actors.
Your Computer is Laboring Your computer is running hot, or your laptop fan is loud all the time. You may have a piggy-back malware using your CPU cycles and RAM to work on a profitable task such as cryptocurrency mining. The rewards of which go into the threat actor’s digital wallet.
Browser Changes Your browser’s homepage is reset. You might see a new toolbar or a browser extension. Clicking links on web pages may take you to unexpected web pages. Any of these indicates your browser has been hijacked. The threat actors are trying to get you to click on some other link or to install a package that offers to disinfect your PC.
Anti-Virus is Throttled Your antivirus end-point protection loses functionality. It might not accept updates, or it won’t perform a scan. Something has infected your system and disabled your protection. This is the digital equivalent of breaking into a building and taking out the security guards.
The Ransomware Tells You! When a message says you’re infected, you don’t have to guess whether you’ve been hit by ransomware. It takes great pleasure to let you know and tell you the cost of unencrypting your data. It will ask for a ransom in cryptocurrency in exchange for unencrypting your data.

How to Tell if Your Cell Phone is Infected With Malware

Here are some tell-tale signs that your mobile device has become infected:

  • You’re seeing a deluge of adverts.
  • You had an inexplicable upturn in data usage.
  • There are unaccountable charges on your bill.
  • Your battery life runs down faster than usual.
  • Malware can replicate one device to another by means through emails and SMS text messages. Your contacts might start getting mysterious messages from your cell phone.
  • Some malware can make your cell phone heat up to the point that the battery physically swells.
  • Apps that you didn’t install appear on your handset.
  • WiFi and Internet access keeps turning itself back on after you’ve turned it off.

Malware Infection Methods

The two most common methods used to spread malware are email and activities involving the internet. 

Fraudulent – and often unsolicited – emails carry malicious attachments or entice you into clicking on links. You can be infected by browsing a legitimate but infected website that has been compromised by the threat actors. Of course, there are purpose-built malicious sites that infect everyone who visits. They entice visitors by offering pirated computer games, films, software, and music.

Mobile devices can become infected when you install untrusted apps, when clicking on a link in a bogus email or SMS text message, or by signing up for a too-good-to-be-true web service.

The common factor in all of these attacks is the human one. Someone opens the attachment, clicks the link, installs the app, or makes the download. Behavioral changes, threat awareness, and a healthy degree of caution can drastically lower the risk of infection.

The Bottom Line | How to Protect Yourself From Malware

  • Stay vigilant. Check domain names in links for strange spellings. Hover over links to see what they really point to. It might not be the same location as the text in the link suggests.
  • Don’t click on pop-up adverts while browsing the internet.
  • Never open attachments in dubious emails. If there’s a chance it might be genuine, contact the sender for verification.
  • Do not download software from unofficial websites, pirate sites, and peer-to-peer file transfer networks.
  • Ensure your operating systems, application software, network device firmware, and mobile devices receive regular security patches and updates from the manufacturer. Don’t use any operating system or software that is out of its supported life cycle.
  • Only install apps from the official Google Play Store or the Apple App Store.
  • Do not click links in unsolicited emails, SMS text messages, and WhatsApp messages.
  • Install a top-tier end-point protection package on all of your network and mobile devices. The market leaders will include anti-virus and anti-malware protection in one solution.
  • Segment and segregate your network where possible.
  • Don’t use privileged accounts such as system administrator accounts for anything other than system administration.
  • Get insurance. Many companies offer cyber insurance policies, and homeowners and renters insurance sometimes cover cybercrime and malware. Tell your insurance company that you want a “personal cyber insurance rider.”

Remember, your best protection is personal vigilance by yourself and your staff. Even the best end-point protection cannot stop a brand-new strain of malware.

There is a finite period between the release of a new malware variant and the release of new signature updates. Until your end-point protection receives the new signatures, it cannot detect and nullify the new threat.

Unprotected periods are called “zero days.” In a zero-day situation, your defenses are reduced to the joint awareness, diligence, and working practices of you, your staff, and your colleagues.

References

  1. Top Cybersecurity Threats [2023] (University of San Diego)
Advertisements

Related Terms

Marshall Gunnell
IT & Cybersecurity Expert

Marshall, a Mississippi native, is a dedicated expert in IT and cybersecurity with over a decade of experience. Along Techopedia, his bylines can be found on Business Insider, PCWorld, VGKAMI, How-To Geek, and Zapier. His articles have reached a massive readership of over 100 million people. Marshall previously served as the Chief Marketing Officer (CMO) and technical staff writer at StorageReview, providing comprehensive news coverage and detailed product reviews on storage arrays, hard drives, SSDs, and more. He also developed sales strategies based on regional and global market research to identify and create new project initiatives.  Currently, Marshall resides in…