- Examples of malware
- How malware infects your devices
- How to protect your devices from malware
- How to know if your device is infected by a malware
- How to remove malware from your infected devices
- McAfee, an anti-malware software
- Last words
Note: This article has affiliate links.
Do you own a computer or a mobile phone? If you use your devices to access the internet, they are vulnerable to malware infection. One way you can protect them is to use an anti-malware product such as NordVPN’s CyberSec, McAfee, or Norton, some of the best malware protection software.
Malware, or malicious software, is software developed to intentionally harm computing systems, such as computers, mobile phones, and networks. As you will soon see, there are many ways malware can infect your devices, most of which involve tricking you into taking an action that eases its entry into your devices.
In recent years, malware infection has multiplied as software use has become more ubiquitous among people and institutions. Reliance on software for serious activities, such as banking, investing, and health data collection, has increased, so damage that malware can inflict has more deleterious consequences than before. You will soon see several examples of malware, most of which have been used in 2021. While the actors behind these malware attacks have become more skillful, the mode of distribution of their malware has also upgraded, from a small group of attackers to a large, sophisticated network of attackers that receive a cut from the malware developers; for example, the malware Avaddon is distributed according to the latter scheme. You will soon find out more about these malware.
Although using a malware protection package such as NordVPN’s CyberSec, McAfee, or Norton might be the easiest way to prevent your devices from being infected, you will soon find that there are other methods of protection. You will also find out ways to know if your devices have been infected and ways to remove the malware from your devices if infected.
Examples of malware
The Ghost malware encrypts the files on a computer and displays a message that asks for a ransom to decrypt them. The encrypted files will have different extensions; for example, a file named pic.jpeg is renamed pic.jpeg.ghost after the infection. Downloading files to a computer is one of the ways such malware can infect a computer. For more, you can go here.
CopperStealer steals people’s credentials (e.g. username and password) for websites such as Facebook, Instagram, PayPal, Twitter, Tumblr, and Apple. It infects a device when a user downloads software from websites, such as crack sites, that promise to give access to a free version of that software. More information about CopperStealer can be found here.
ZeuS is a Trojan that targets Windows computers and can download many other malware onto a device. ZeuS can log someone’s keystrokes to infer what credentials are used to access accounts, such as bank accounts. This malware has been known to lure people into entering identifiable information, such as date of birth, on websites by creating new fields that ask for such information. A device can be infected by ZeuS when a user opens spam emails or downloads unknown software applications. In May 2020, Nir Shwarts, a researcher at IBM, said that Zeus Sphinx, a variant of ZeuS, had been active; he gave more details about how this malware operates here. You can find more information about ZeuS by going here.
Shlayer is a Trojan that injects adware and other unwanted software into macOS devices. Shlayer can infect a device when a user clicks a fake Adobe Flash button to update the software or when a user downloads unlicensed software from torrent websites. If a device is infected, the user may see spontaneous popups and be automatically redirected to websites that were not requested. In June 2020, Joshua Long from Intego announced that a new variant of Shlayer had been infecting macOS devices when users clicked Google search results; more can be found here. For more on Shlayer, you can go here.
TrickBot is a Trojan that can infect devices with other malware. It targets banking information and identifiable information such as dates of birth and social security numbers. A device can be infected with TrickBot when users download an attachment from a spam email. According to an article published in July 2021 in the Daily Beast, Microsoft has helped internet service providers in Latin America replace their customers’ routers after the routers were infected by the malware. For more on TrickBot, you can visit this webpage.
DarkSide encrypts the files on a device and asks the device’s owner for a ransom. Affiliates distribute DarkSide and receive a percentage of the ransom from the malware developers; this model is called ransomware-as-a-service (RaaS). The actors behind DarkSide gain access to their target system by exploiting vulnerabilities in the system, such as bugs, and make changes in the system before they inject the malware; for more on that, you can go here. In April 2021, the Colonial Pipeline was shut down after its system had been locked down by malware that is believed to be DarkSide; you can find more about this incident here.
Avaddon copies and encrypts its target’s data and asks for a ransom to decrypt the data. If the ransom is not paid, Avaddon’s actors leak the target’s data on the web or initiate a distributed denial-of-service (DDoS) attack on the target’s website. Avaddon is ransomware-as-a-service, where the distributors of the malware receive a percentage of the ransom from the malware developers. The malware actors access their target’s system by using remote access login credentials; more can be found here.
Here is a message from the Avaddon actors that instructs the device owner how to decrypt the locked files:
In May 2021, Asian offices of the French insurance company AXA were hit by Avaddon. The malware actors claim to have copied 3 terabytes of data, which contain customers’ health data, financial information, and government ID numbers. More about this attack can be found here.
Crackonosh is a Trojan that targets Windows systems and installs the cryptocurrency miner XMRig, which uses the infected systems to mine Monero. Crackonosh infects a device when its owner downloads a cracked software application such as a free version of a proprietary game; some of the game applications that are known to have been infected by Crackonosh are Far Cry 5, NBA 2K19, Grand Theft Auto V, The Sims 4 Season, and Jurassic World Evolution. When Crackonosh infects a system, it disables the system’s security to avoid being detected. For more on this malware, you can go here. According to a report by Avast, about 1,000 devices per day were infected by Crackonosh in May 2021, and 222,000 unique devices were infected from December 2020 to May 2021. You can see below the countries hit by the malware:
WeSteal steals cryptocurrencies, such as Bitcoin, Ethereum, and Bitcoin Cash, by replacing a target’s wallet ID for a cryptocurrency in the clipboard with the actor’s wallet ID; therefore, when a transaction is initiated by the target, the cryptocurrency is transferred to the actor’s wallet. This malware is offered as a service, meaning anyone can buy it to use on targets. WeSteal was discovered in early 2021, so no major theft is known to have been related to the malware. You can find more about WeSteal here.
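The clipboard replacement described for WeSteal can be caught by comparing what was copied with what is about to be pasted. The following check is an added example, not code from the original article or from any anti-malware product; the function names, the 2-second window, and the clipboard samples are constructed for illustration, and the patterns match only the shape of an address, not its checksum.

```python
import re

# Address shapes only (no checksum validation): enough to recognise a wallet ID.
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return 'bitcoin', 'ethereum', or None if text is not address-shaped."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(samples, max_gap=2.0):
    """samples: time-ordered (seconds, clipboard_text) pairs.

    Flags a wallet ID that is replaced by a different wallet ID of the same
    currency within max_gap seconds, faster than a person re-copies by hand.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(samples, samples[1:]):
        kind = wallet_kind(before)
        if (kind and kind == wallet_kind(after)
                and before.strip() != after.strip() and t1 - t0 <= max_gap):
            alerts.append({"kind": kind, "at": t1,
                           "copied": before.strip(),
                           "replaced_by": after.strip()})
    return alerts

def safe_to_send(intended, pasted):
    """Last check before confirming a transfer: pasted must equal intended."""
    return wallet_kind(pasted) is not None and intended.strip() == pasted.strip()

# Constructed sample data (not real wallet IDs).
OWN = "0x" + "1a" * 20      # address the user copied
OTHER = "0x" + "9f" * 20    # address that appears in the clipboard instead
SAMPLES = [
    (0.0, "meeting notes"),
    (10.0, OWN),                  # user copies the recipient's address
    (10.4, OTHER),                # clipboard changes 0.4 s later
    (60.0, "bc1q" + "x" * 38),    # other currency, much later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLES):
        print("possible clipboard hijack:", alert)
    print("safe to send:", safe_to_send(OWN, OTHER))
```
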
How malware infects your devices
Here are some of the ways that malware can infect your devices:
When an email or text message from an obscure source that appears to be from a legitimate institution asks you to provide personal information such as date of birth or social security number, you may have been exposed to a phishing email or text message. If you provide the requested information, you may become victim of an identity theft; and if you click on any link in the message, you may allow malware to be installed in your device. See the image below for an example of phishing email:
For example, the malware ZeuS can be distributed by phishing.
Cracked software downloading
A cracked software application is a software application that has been modified to suit the needs of some users, such as those who want to use a proprietary software application for free. After being cracked, these software applications are made available online. Some examples of software that have been cracked are game applications such as Grand Theft Auto V, The Sims 4, Euro Truck Simulator 2, and Far Cry 5. Malware such as Crackonosh and CopperStealer has been distributed on websites that offer cracked software applications for download.
Besides luring you to click on a link, an attacker may send you an email with an attachment that triggers a malware infection. When you click on that attachment and download the file, you also download the malware onto your device. One way to avoid downloading malware from attachments is to not open emails from unknown sources or to not download any attachments in these emails. For example, TrickBot can infect your device when you download attachments.
Link clicking from text messages
Cell phones can be spammed with text messages. Text messages can be sent to millions of cell phones from a few senders, and these text messages can lure the recipients to click on links therein. For example, FluBot is an SMS malware targeting Android cell phones. The malware actors send Android phone users a text message asking them to click on a link that sends them to a website where they can download a fake FedEx application; FluBot is then installed on the device if the fake application is downloaded. The malware can steal personal information and login credentials. For more on FluBot, you can go here.
Fake software updating
You may be lured to update an application when you visit a website. By clicking on the link and downloading the files, you may also infect your device with malware. For example, the Trojan Shlayer infects devices by luring website visitors to update Adobe Flash. See below for an example:
Search engine results
Your device can be infected by malware when you click on a search engine result and download a file. For example, actors behind the SolarMarker malware create a PDF document loaded with keywords and post it online; the keywords help the document rank on Google search. When people click on the search result with that PDF document, they are redirected to other websites where they eventually download SolarMarker. For more on SolarMarker, you can go here.
A malware infection that exploits a zero-day vulnerability in software is called zero-day malware. A software application has a zero-day vulnerability when it has bugs as a result of programming errors. For example, XCSSET is a malware that exploits vulnerabilities in macOS, Apple’s operating system; it bypasses the system’s security to operate, such as stealing Safari browser cookies and installing a Safari version. For more on XCSSET, you can go here. According to a Google Threat Analysis Group report published in July 2021, actors used vulnerabilities in Internet Explorer 11 and Chrome to spread malware; you can access the report here.
Malware can infect a USB drive when it is plugged into a computer that is connected to the internet, and the USB drive then infects another computer into which it is plugged. Also, actors can intentionally place malware on a USB drive, which infects a computer if someone uses the USB drive without knowing that it has been infected. In July 2021, it was reported that malware infected devices in some Asian countries, where one of the methods of infection was through USB drives; you can find more about this here.
How to protect your devices from malware
Another way to protect your devices from malware infections is to understand some of the ways your devices can be infected and find a prevention strategy for each method of infection. We will give you some tips on how to do that:
Beware of phishing emails
When you do not know the sender of an email, do not click any link within it and do not download any attachment because it may be a phishing email. Check the sender field of the email to see who sent the message. If the email has a domain name such as “stranger[at]checkme.com”, open another tab in your browser and search for the domain “checkme.com”. If you cannot find any website with that name, report the email as spam or delete it. If you find a website with that name, carefully check the website to see if it is legitimate, such as checking if there is a physical address, a phone number, and a list of the names of the people in charge. You can find out more about how to protect yourself from phishing by going here.
Refrain from using cracked software applications
As we have explained before, cracked software applications can be laden with malware. When you download a cracked application, you have no guarantee that the software is free of malware, and malware actors know you are an easy target because you are trying to obtain a free version of an application you would normally have to buy. Avoid websites that have these free applications. You can save some money to buy the software, wait to see if the price has dropped, check to see if there are used versions on sale, or find other ways to satisfy your need without that software.
Beware of text messages from unknown numbers
As we have mentioned above, the malware FluBot infects Android cell phones by luring phone users to click on a link. A safe way to avoid being tricked is to delete any text message from an unknown number without opening it. If you open the message, do not click any link or play any video.
Download the latest update for your software
Software programs have zero-day vulnerabilities, and malware actors can exploit these defects; see above for some of these exploits. That is why companies that make software send updates to patch these defects. When you receive an announcement to update your software, do it right away to decrease the chance of your devices being infected by a zero-day attack.
Refrain from plugging an unknown USB drive into your computer
As we have told you before, your devices can be infected from USB drives. If you find a USB drive that you do not own, do not plug it into your computer. You can leave the USB drive where you found it, or you can send out an announcement that you have found a USB drive if that is possible. Furthermore, do not leave your USB drive unattended in a public space since it could be used to store malware that can infect your devices.
Report search results that spread malware
One way to protect your devices from being infected by clicking search engine results is to stop using search engines altogether. If you really need to use a search engine, then be careful when you visit a website listed by a search engine. Before you download any file from that website, check that it is legitimate; for example, verify if there is contact information, a social media account with followers, mention of that website on other websites, or a list of people in charge. If you have evidence that the website is a malware spreader, you can report it to Google here.
How to know if your device is infected by a malware
One way to know if your device is infected by a malware is to fully scan your device regularly with antimalware software such as NordVPN’s CyberSec, McAfee, or Norton, some of the best malware protection software you can find.
Other symptoms that your devices could have been infected are:
- Extensions of some of your files have been changed, and you cannot open these files; for example, the Ghost malware changes some of the target’s file extensions;
- Your browser redirects unexpectedly;
- Your antimalware software icon disappears;
- Your device performs very slowly;
- Your device is heated even if not in use.
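The first symptom in the list above (a new extension appended after the original one, as in pic.jpeg.ghost) can be checked for automatically. The following scan is an added example, not code from the original article; the list of known extensions, the three-file threshold, and the sample paths are constructed assumptions that you would tune for your own files.

```python
import os
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions treated as ordinary (assumption: extend this set for your files).
KNOWN = {".jpeg", ".jpg", ".png", ".pdf", ".docx", ".xlsx", ".txt",
         ".zip", ".gz", ".tar", ".bak", ".mp4"}

def appended_extensions(paths, min_files=3):
    """Group files whose name is <name>.<known ext>.<unknown ext>.

    Returns {unknown_ext: [paths]} for every unknown extension found on at
    least min_files files; one stray file is more likely a temporary file
    than a mass rename.
    """
    hits = defaultdict(list)
    for path in paths:
        name = os.path.basename(path)
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if (len(suffixes) >= 2 and suffixes[-2] in KNOWN
                and suffixes[-1] not in KNOWN):
            hits[suffixes[-1]].append(path)
    return {ext: files for ext, files in hits.items()
            if len(files) >= min_files}

def scan(root):
    """Walk a directory tree and apply the same check to every file in it."""
    return appended_extensions(
        os.path.join(folder, name)
        for folder, _dirs, names in os.walk(root) for name in names)

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    "/home/a/Pictures/pic.jpeg.ghost",
    "/home/a/Documents/tax.pdf.ghost",
    "/home/a/Documents/notes.docx.ghost",
    "/home/a/Documents/budget.xlsx",       # untouched file
    "/home/a/backup/site.tar.gz",          # legitimate double extension
    "/home/a/Documents/draft.docx.tmp1",   # single stray file, below threshold
]

if __name__ == "__main__":
    for ext, files in appended_extensions(SAMPLE).items():
        print(f"{len(files)} files renamed with {ext}:")
        for path in files:
            print("  ", path)
```

Calling scan() on a folder such as your Documents directory applies the same check to real files; a match is a reason to disconnect the device and run a full scan, not proof of infection.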
How to remove malware from your infected devices
Other methods you can use to remove malware are:
- Turn off your device or disconnect it from the internet as the malware may be operated by actors online. If you suspect the malware comes from an app, delete it from your device. When you turn your device back on, start it in Safe Mode.
- If your operating system is Windows, search for the “Virus & threat protection” app and run a full scan.
- In the case of a malware that encrypts your files and asks for a ransom to decrypt your files (ransomware), search online for a decrypting tool before considering paying the ransom. According to Avast, you should not pay the ransom.
- If you cannot access the internet with your devices while trying to remove the malware, find another way to access the internet to find out removal steps that are specific to your devices (e.g. computer, cell phone, iPad) and to your brand (e.g. Hewlett Packard, MacBook Pro, iPhone 11, Samsung).
McAfee, an anti-malware software
McAfee is a software package that can detect malware in your device and help you remove it. McAfee protects more than 600 million devices, processes more than 62 billion daily real-time threat queries, and discovers more than 600 threats per minute.
You can protect both your computers and mobile phones with McAfee. With the basic AntiVirus Plus plan, you can secure up to 10 devices. With their Total Protection plan, you get the antivirus, identity protection, virtual private network (VPN), and 1 year of Gamer Security, and you can try their Total Protection plan for free for 30 days.
Malware attackers have become more skillful, so another way you can protect your devices is to inform yourself about the latest attacks. By doing that, you can learn some of the attackers’ tactics and devise a strategy against them. For example, now that you know your device can be infected when you click on a link from an unknown email, a strategy could be to refrain from clicking any link in these emails before analyzing them.
There is also cybersecurity research, one of whose goals is to understand cyberattacks and from which new tools can be created. If you follow advances in this area, you may be one of the first users of computing devices to find out some of the best tools to protect your devices from malware, such as NordVPN’s CyberSec, McAfee, and Norton.