7 ways malware can get into your device

This post was originally published on this site

You know that malware is bad, but are you also aware of the various common ways in which it can infiltrate your devices?

Malware has been one of the most common threats that netizens face daily. However, although you have heard about the various types of malware you can encounter, chances are you don’t know how these malicious programs are able to infest your devices.

While knowing what types of threats exist is the first step towards protecting yourself and your devices, the next and arguably more important step is to know how threat actors try to sneak these malicious pieces of code into your computers, smartphones, and tablets. To help you combat these threats, we look at some of the most common methods and tactics used to tricking netizens into downloading malware and compromising their data and security.

Phishing and malspam emails

While usually the main objective of phishing emails is to wheedle sensitive information out of you such as your access credentials to various services, your card verification code (last three digits on the backside of your payment card), PIN code, or other personally identifiable information (PII) by masquerading as a trusted institution, they may contain attachments or links that will lead to your device getting infested with malware.

Therefore, it’s always prudent to not just skim over your emails but read them thoroughly. More often than not you’ll notice dead giveaways that you’re dealing with a scam. Telltale signs usually include spelling mistakes, evoking a sense of urgency, requesting personal information, or the email originating from a suspicious domain.

Fraudulent websites

To trick victims into downloading malicious apps, cybercriminals like to spoof websites of famous brands or organizations. The scammers create fraudulent webpages masquerading as the real deal, with the domain name resembling the domain of the organization being spoofed as closely as possible, with some subtle differences here and there, such as adding a letter or symbol or even a whole word. The websites will be malware-laced and will try to dupe the target into clicking on links that will download malware into their devices.

To avoid getting your device infested with malware by visiting one of these websites, always search for the official domain by typing it into a search engine or by typing it manually into the address bar. It bears repeating that a proper security solution will also protect you from most threats and will also block you from accessing known malicious websites.

USB flash drives

External storage devices are a popular form of storing and transferring files; however, they do carry a number of risks. For example, threat actors like to use the “lost” flash-drive social engineering strategy, to dupe unwitting good Samaritans into plugging a compromised thumb drive into their computers. Once an afflicted drive is plugged in and opened your device can get infested with a keylogger or ransomware.

Alternatively, if you aren’t careful about how you handle your flash drive, your computer may get infested by cross-contamination. To mitigate the chances of contaminating your PC you should use a reputable and up-to-date endpoint security solution that will scan an external media plugged into your device and warn you if it contains anything suspicious.

P2P sharing and torrents

While over the years peer-to-peer sharing and torrents have gained a reputation for being a place to illegally download software, games, and media, they have been used by developers as an easy way to disseminate their open-source software or musicians to spread their songs. However, they are also infamous for being abused by black hats who inject the shared files with malicious code. Most recently, ESET researchers uncovered cybercriminals misusing the BitTorrent protocol and Tor network to spread KryptoCibule, a multitasking multicurrency cryptostealer.

To minimize the risk of being compromised, you should use a reputable Virtual Private Network (VPN) to encrypt your traffic and keep it safe from prying eyes. You should also use an up-to-date security solution that can protect you from most threats including viruses or malware that may be a part of the files you’re trying to torrent.

Compromised software

Although it may not happen often, software being directly compromised by threat actors isn’t a rare occurrence. One prominent example of an application’s security being compromised was the case of CCleaner. In these attacks, the black hats inject the malware directly into the application, which is then used to spread the malware when unsuspecting users download the app.

Since CCleaner is a trusted application, it wouldn’t have occurred to a user to overly scrutinize it. However, you should be careful when downloading any type of software even the one you trust. You also can’t go wrong by using a reputable security solution and don’t forget to patch and update your apps regularly, security patches usually deal with any vulnerabilities or loopholes found in the affected apps.

Adware

Some websites are often riddled with various ads that pop up whenever you click on any section of the webpage or can even appear immediately whenever you access certain websites. While the aim of these ads is to generally generate revenue for these sites, sometimes they are laced with various types of malware and by clicking on these ads or adware, you may involuntarily download it onto your device. Some ads even use scare tactics telling users that their device has been compromised and only their solution can clean it up, however, that is almost never the case.

A sizeable amount of the adware can be avoided by using trusted ad-blocking extensions on your browser, which will, as the name suggests, block ads from appearing on the website you’re visiting. Another thing you can do is avoid suspicious websites that use such advertisements altogether.

Fake apps

The last item on this list deals with fake mobile applications. These apps usually masquerade as the real thing and try to dupe users into downloading them into their devices, thereby compromising them. They can take on the guise of anything, posing as fitness-tracking toolscryptocurrency apps, or even COVID-19 tracing apps. However,