What Is Threatware?
Threatware is a type of malicious software or malware that’s designed to damage a computer system’s files.
How Does Threatware Work?
When using a phishing email to circulate malware, a hacker will send a user an email impersonating a friend, coworker, or trusted brand to mislead them into clicking on a malicious attachment or URL. Downloading the file or visiting the compromised website will infect the device with a malicious program.
Once the malicious program has made its way onto your computer, it can start to exfiltrate and export personal data from your device to send to the attacker.
It’s important to note that phishing is just one of many methods hackers can use to spread malicious software. Other methods include:
- Sending malicious URLs via SMS messages;
- Leaving compromised USB flash drives and external disks in public places;
- Uploading fake software and files to file-sharing sites;
- Gaining physical access to a device to install malware manually.
What Are the Effects of Threatware?
Devices infected by threatware or malware can start showing a number of signs of compromise. Some telltale effects of threatware include:
- Slow processing speeds
- Decreased storage space
- Frequent freezing or crashing
- Unusual pop-ups
- Unauthorized programs installed
- Files being modified or deleted
- Programs closing down unexpectedly
- Changes to security settings
- Emails and other messages being sent to account contacts
- New toolbars in your web browser
Types of Threatware
There are many different types of threatware that you should be aware of online. These include:
- Ransomware: A type of malicious software that encrypts a victim’s files and issues a ransom note threatening to delete or release the files unless a ransom is paid.
- Spyware: A program that enters a device and harvests the user’s data and passwords before forwarding them to a hacker.
- Worms: A worm is a self-replicating program that infects a machine and then begins scanning other computers for vulnerabilities before infecting them to move throughout a network.
- Trojan viruses: A piece of malware that mimics legitimate software, such as antivirus, to trick the user into downloading it and infecting their computer.
- Keyloggers: Software that records each keystroke made on a computer, which can help hackers crack passwords and other confidential data.
- Adware: Code that generates unsolicited pop-up adverts on a user’s computer.
More and more examples of threatware are emerging on a daily basis. However, one of the most notorious examples is the trojan virus Emotet, which was first detected in 2014 when hackers targeted hundreds of customers of German and Austrian banks with spam emails.
Clicking on a link or attachment in these emails would infect the computer with Emotet, which would harvest sensitive data and then attempt to infiltrate surrounding computers on a network. This could cost up to $1 million per incident to remediate.
Another high-profile example of threatware emerged in 2017 with the WannaCry ransomware outbreak, which affected approximately 200,000 individuals and 10,000 organizations in over 150 countries.
In this instance, the WannaCry ransomware exploited an unpatched vulnerability in Windows XP to encrypt the user’s files and issued a pop-up noting that the files had been encrypted but could be decrypted by making a payment to a linked Bitcoin address.
More recently, the threat of malicious software remains incredibly prominent online. In fact, according to SonicWall’s 2022 Cyber Threat Report, in 2022, there were 5.4 billion malware attacks and 623.3 million ransomware attacks.
This means users need to be proactive about staying safe online.
How to Avoid Threatware
Prevention is the best defense against threatware. Avoiding downloading malicious files in the first place is much more effective than trying to contain an outbreak post-infection.
Here are some simple steps that users and organizations can take to avoid threatware infections:
- Don’t click on links or attachments in emails from unknown senders. This will reduce the likelihood of downloading anything malicious;
- Look out for unusual URLs and spelling mistakes in emails. Irregular formatting and spelling mistakes in emails can indicate a phishing scam;
- Install antivirus software on your devices. Installing antivirus on your devices and keeping it regularly updated will help you to detect if your device has been compromised;
- Periodically download patches and software updates for your device. Updates can eliminate zero-day vulnerabilities on your devices;
- Regularly back up your data. Data backups will allow you to reset your device without losing anything if it becomes infected;
- Select strong passwords and enable two-factor authentication. This will make your online accounts much harder to hack;
- Don’t connect to public WiFi. Hackers often eavesdrop on public WiFi connections, so it’s best to avoid them where possible.
How to Fix a Threatware-Infected Device
If you believe your device has been infected, then removing the infection will depend on the type of threatware that your computer is experiencing.
That being said, there are some simple actions you can take to remove most forms of malware:
- Immediately disconnect the device from the Internet;
- Use a solid antivirus to scan for viruses and delete any malicious software or files detected;
- Delete recently downloaded temporary files that could be behind the infection;
- Remove any new or unusual browser extensions;
- Don’t click on any pop-up links;
- If you can’t remove the infection, reset the device and reboot it;
- Consider using specialist tools like Norton Power Eraser to remove persistent threatware.
While threatware is incredibly prevalent online, if you follow basic cyber hygiene and some of the best practices outlined in this article, you can reduce your overall exposure to threat actors.
As a golden rule of thumb, if you’re unsure whether an email or website is legitimate or not, don’t click on it.