How to Find and Remove Camera Malware
Are you really in control of who can see you through your webcam? There could be hackers on the other end, waiting to exploit your private moments.
Cybercriminals have become quite creative in finding ways to victimize users. There’s now a dizzying array of attack methods that hackers can use to exploit IoT devices such as cameras, DVRs and baby monitors, in order to compromise security and privacy.
One method that may have flown under the radar in recent years but continues to be a worrisome threat even to ordinary users is camfecting. PCs and mobile devices that are equipped with web cameras and microphones can be infected with malware that lets attackers hijack and intercept video and audio feeds. (For more on this threat, see Beware! Your Devices Are Spying On You.)
Hackers can remotely turn these peripherals on to record or even stream whatever they can capture, including users’ private moments and conversations. They can also use these recordings to extort users, using the threat of leaking embarrassing recordings to get victims to agree to their demands.
In 2013, an American hacker used camfecting on more than a hundred women to gather compromising images. He was eventually caught and was sentenced to an 18-month prison term, but the case shows how it’s possible for just one attacker to victimize many users by using malware.
Given the widespread availability of invasive malware capable of taking over computing peripherals, the threat continues to exist.
Reason CTO Andrew Newman shares, “Our devices help us stay connected and be visible online but they can also become security risks. Unfortunately, it has become too easy for hackers to target devices like webcams and invade our privacy. This is why security solutions must now feature privacy protection on top of the usual antimalware functionalities.”
If you’re worried about camfecting, here is how you can check for camera malware and remove it from your computer.
Checking for Infection
Hackers have become quite clever in hiding and disguising the malware they plant on computers. Malware can change file and process names, making it tough for manual scans to identify them. Most users don’t even know that they’ve already been hacked.
Fortunately, there are ways to tell if your computer has been camfected. Some of the common symptoms of malware that targets webcams include:
Camera light turning on for no apparent reason. You may notice that your webcam’s indicator LED light will turn on when making video calls on messaging applications like Skype or Viber. If you notice your camera’s light turn on when none of these valid webcam applications are running, chances are someone else is accessing it.
Unusual network traffic. Windows Task Manager could quickly show you which applications are accessing the network. In the example below, Viber is using bandwidth while streaming video during a call. Task Manager also allows you to quickly survey the other active processes that are currently using computing resources. Take note of unusual processes that use the network for your review.
Notifications from active monitoring. Modern security solutions offer premium features such as webcam protection. Reason, for instance, instantly notifies users if an application is trying to access or activate webcams and microphones. This real-time and active monitoring enables users to be notified immediately so they can stop any suspicious webcam activity.
Malware scan results. You can run antimalware applications like Reason Security to further check for camfecting malware. Most solutions now detect popular remote access tools like Blackshades. Your antimalware solution should be able check the memory, startup processes, system files, browser cache and plugins, and installed applications for the presence of malicious processes.
Removing the Malware
If ever you feel that your webcam may be compromised, take the necessary steps to remedy the issue. It’s important to readily remove threats as soon as they are found. You can place tape over your webcam while you sort things out.
Good antimalware applications not only detect threats but they can also disable and remove them from your system. Most applications provide two options on what to do with discovered threats:
Quarantine. Suspicious files are moved to an isolated space where they aren’t allowed to run or be accessed by other processes, effectively stopping them from causing any further harm. There are rare cases when even legitimate applications can be flagged as malicious. These are known as false positives. Putting discovered threats in quarantine gives you the chance to review and restore files just in case they are valid applications and system files.
Deletion. The application securely terminates malicious processes and deletes the files associated with the malware from the computer entirely.
Camfecting isn’t a threat that anyone should take lightly. Attackers now commonly use automated tools to help them compromise as many systems as possible. If you don’t want to risk having your private life and data broadcasted for the world to see, you should make the effort to practice safe and secure computer use.
Newman advises, “As with most things, prevention is always better than cure. Conventional malware scanners don’t quite capture the realities of modern computing. It pays to invest in a comprehensive security solution that, aside from providing real-time malware protection, protects your communication and browsing activities as well.” (Protecting your IoT devices from compromise is vital. Learn how in 6 Tips for Securing an IoT Device.)
By knowing that your camera feeds are always secure, you can rest assured that no compromising data about you can be used to extort or embarrass you.