Anti-malware vs antivirus

Trojanized apps on Android smartphones

Trojans aren’t just a problem for laptops and desktops. They attack mobile devices as well, which makes sense given the tempting target presented by the billions of phones in use.

As with computers, the Trojan presents itself as a legitimate program, although it’s actually a fake version of the app full of malware.

Such Trojans usually lurk on unofficial and pirate app markets, enticing users to download them. The Trojans run the full gamut of mischief, infecting the phone with ads and keyloggers, which can steal information. Dialer Trojans can even generate revenue by sending out premium SMS texts.    

“Browser extension add-ons can act as Trojans as well….”

Android users have been the victims of Trojanized apps even from Google Play, which is constantly scanning and purging weaponized apps (many times after the Trojan’s discovery). Browser extension add-ons can act as Trojans as well, since it’s a payload capable of carrying embedded bad code.

While Google can remove browser add-ons from computers, on phones the Trojans can place transparent icons on the screen. It’s invisible to the user, but nonetheless reacts to a finger touch to launch its malware.

As for iPhone users, there’s good news: Apple’s restrictive policies regarding access to its App Store, iOS, and any other apps on the phone do a good job of preventing Trojan incursions. The only exception occurs for those who jailbreak their phones in their quest to download freebies from sites other than the App Store. Installing risky apps outside the Apple settings makes you vulnerable to Trojans.

How do I prevent Trojans?

Since Trojans rely on fooling users into letting them into the computer, most infections are avoidable by remaining vigilant and observing good security habits. Practice a healthy skepticism about websites offering free movies or gambling, opting instead to download free programs directly from the producer’s site rather than from unauthorized mirror servers.

Another precaution to consider: change the default Windows settings so that the real extensions of applications are always visible. This avoids getting tricked by an innocent looking icon.

Other good practices besides installing Malwarebytes for Windows, Malwarebytes for Android, and Malwarebytes for Mac include:

  • Running periodic diagnostic scans
  • Setting up automatic updates of your operating system software, ensuring you have the latest security updates
  • Keeping your applications updated, ensuring any security vulnerabilities are patched
  • Avoiding unsafe or suspicious websites
  • Being skeptical of unverified attachments and links in unfamiliar emails
  • Using complex passwords
  • Staying behind a firewall

Types of spyware

In most of the cases, the functionality of any spyware threat depends on the intentions of its authors. For example, some typical functions designed into spyware include the following.

    • Password stealers are applications designed to harvest passwords from infected computers. The types of collected passwords may include stored credentials from web browsers, system login credentials, and sundry critical passwords. These passwords may be kept in a location of the attacker’s choosing on the infected machine or may be transmitted to a remote server for retrieval.
    • Banking Trojans (e.g. Emotet) are applications designed to harvest credentials from financial institutions. They take advantage of vulnerabilities in browser security to modify web pages, modify transaction content, or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application. Banking Trojans may target a variety of financial institutions, including banks, brokerages, online financial portals, or digital wallets. They might also transmit collected information to remote servers for retrieval.
    • Infostealers are applications that scan infected computers and seek out a variety of information, including usernames, passwords, email addresses, browser history, log files, system information, documents, spreadsheets, or other media files. Like banking Trojans, infostealers may exploit browser security vulnerabilities to collect personal information in online services and forums, then transmit the information to a remote server or store it on your PC locally for retrieval.
    • Keyloggers, also referred to as system monitors, are applications designed to capture computer activity, including keystrokes, websites visited, search history, email discussions, chatroom dialogue, and system credentials. They typically collect screenshots of the current window at scheduled intervals. Keyloggers may also collect functionality, allowing for stealthy capture and transmission of images and audio/video from any connected devices. They might even allow attackers to collect documents that are printed on connected printers, which can then be transmitted to a remote server, or stored locally for retrieval.

Mobile spyware

Also, it’s not just consumers that mobile spyware criminals target. If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer organization through vulnerabilities in mobile devices. Moreover, your corporation’s incident response team may not detect breaches that originate through a mobile device.

Spyware breaches on smartphones commonly occur in three ways:

  • Unsecured free wi-fi, which is common in public places such as airports and cafes. If you log onto an unsecured network, the bad guys can see everything you do while connected. Pay attention to warning messages your device may give you, especially if it indicates that the server identity cannot be verified. Protect yourself by avoiding such unsecured connections.
  • Operating system (OS) flaws, which open up exploits that could let attackers infect a mobile device. Smartphone manufacturers frequently release OS updates to protect users, which is why you should install updates as soon as they are available (and before hackers try to infect out-of-date devices).
  • Malicious apps, which hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of an app store. Here it’s important to look at the warning messages when installing applications, especially if they seek permission to access your email or other personal information. Bottom line: It’s best to stick to trusted sources for mobile apps and avoid any third-party apps.

Шаг третий: Очистка реестра

Произвести чистку реестра можно как вручную, так и при помощи сторонних утилит. Рассмотрим оба варианта действий.

Для ручной чистки системы потребуется:

  1. Создать точку восстановления Windows на случай непредвиденных сбоев в работе ОС. Для этого кликнуть по значку в виде лупы, расположенному рядом с меню «Пуск», и вбить ключевую команду «Восстановление».
  2. Перейти в раздел «Настройка восстановления системы».
  3. В окне «Свойства» перейти на вкладку «Защита системы» и выбрать опцию «Создать» в правом нижнем углу приложения. Вбить любое наименование файла и указать директорию, которую нужно запомнить.
  4. Войти на ПК в «Безопасном режиме». Для этого при выключении нужно удерживать «Shift», а после появления черного экрана кликнуть на «F8» или «F12» в зависимости от версии ОС.
  5. На экране отобразится синий экран «Выбор действия» – зайти в «Дополнительные параметры», после чего выбрать крайний правый пункт меню «Параметры загрузки».
  6. Нажать на клавишу «F4» для выбора «Безопасного режима» и кликнуть на «Перезагрузить».
  7. После загрузки Виндовс можно приступить к очистке реестра. Для этого нужно зажать сочетание клавиш Win+R, в окне «Выполнить» ввести фразу «regedit».
  8. В «Редакторе реестра» нажать на Ctrl+F и ввести в открывшемся диалоговом окне наименование зловреда «random» и тапнуть по «Найти далее».
  9. На экране отобразится список записей в реестре, в имени которых присутствует слово «random» — обязательно досконально проверить каждую из них.
  10. При отсутствии уверенности в том, что тот или иной файл необходимо уничтожить – лучше проверить информацию на специализированных форумах либо воспользоваться программными средствами.

Лучшими инструментами для очистки реестра можно назвать такие программы: Reg Organizer, Revo Uninstaller, традиционный и главное бесплатный Клинер. Рассмотрим каждый вариант.

Чтобы очистить Windows от остаточных файлов в Reg Organizer, нужно:

  1. Загрузить ПО с сайта производителя, установить и открыть.
  2. Перейти на вкладку «Автом. чистка…» и проверить ОС по трем параметрам: «Логическая структура», «Физическая структура», «Состояние файловой системы».
  3. Обычно программа самостоятельно находит нежелательные записи и ликвидирует их во время проверок, но иногда может потребоваться инструмент ручной чистки.
  4. Интерфейс настолько прост и интуитивен, что справиться с задачей сможет даже начинающей пользователь. Но все-таки стоит перед началом любых манипуляций воспользоваться описанным выше механизмом создания точки восстановления Windows и зайти на ПК в защищенном режиме.
  5. Перезагрузить ПК.

Чтобы почистить Виндовс в Revo Uninstaller, необходимо выполнить следующие действия:

  1. Загрузить, установить и открыть приложение.
  2. На левой боковой панели инструментов выбрать последнюю позицию «Чистильщик Windows».
  3. На основном экране приложения отметить вручную опции «Следы в реестре» и «… на жестком диске», после чего тапнуть по «Очистить».
  4. Спустя некоторое время на экране отобразится сообщение о том, что система очищена.
  5. Осуществить ребут.

Для работы в CCleaner нужно:

  1. Скачать, установить и запустить утилиту.
  2. Перейти в раздел «Очистка» левого бокового меню и выбрать вкладку «Приложения» — отметить веб-браузеры, которые нужно избавить от остатков вредоносного ПО, затем выбрать в правой нижней части экрана клавишу «Анализ».
  3. После завершения запущенного процесса тапнуть по «Очистке».
  4. Войти в раздел «Реестр» и кликнуть по «Поиску проблем» — согласиться на создание резервной копии Виндовса (ввести имя файла, выбрать директорию), нажать «ОК».
  5. Запустится автоматический процесс, по окончании которого избрать опцию «Исправить отмеченные».
  6. После появления уведомления об окончании чистки Виндовса осуществить ребут ПК.

Теперь необходимо проверить настройки используемых веб-браузеров при помощи встроенных инструментов Windows или бесплатных утилит-блокировщиков (шаг 4).

Who do spyware authors target?

Unlike some other types of malware, spyware authors do not really target specific groups or people. Instead, most spyware attacks cast a wide net to collect as many potential victims as possible. And that makes everyone a spyware target, as even the slightest bit of information might find a buyer.

“Spyware attacks cast a wide net to collect as many potential victims as possible.”

Information obtained through stolen documents, pictures, video, or other digital items can even be used for extortion purposes.

So, at the end of the day, no one is immune from spyware attacks, and attackers usually care little about whom they are infecting, as opposed to what they are after.

Mac spyware

Spyware authors have historically concentrated on the Windows platform because of its large user base when compared to the Mac. However, the industry has seen a big jump in Mac malware since 2017, the majority of which is spyware. Although spyware authored for the Mac has similar behaviors as the Windows variety, most of the Mac spyware attacks are either password stealers or general-purpose backdoors. In the latter category, the spyware’s malicious intent includes remote code execution, keylogging, screen captures, arbitrary file uploads and downloads, password phishing, and so on.

“The industry has seen a big jump in Mac malware in 2017, the majority of which is spyware.”

In addition to malicious spyware, there’s also so-called “legitimate” spyware for Macs. This software is actually sold by a real company, from a real website, usually with the stated goal of monitoring children or employees. Of course, such software is a two-edged sword, as it’s very often misused, providing the average user with a way of accessing spyware capabilities without needing any special knowledge.

How can I tell if my Android device has malware?

There are a few unmistakable signs your Android phone is infected. That said, you may be infected if you see any of the following.

  • A sudden appearance of pop-ups with invasive advertisements. If they appear out of nowhere and send you to sketchy websites, you’ve probably installed something that hides adware within it. It suffices to say—don’t click on these ads.
  • A puzzling increase in data usage. Malware chews up your data plan by displaying ads and sending out the purloined information from your phone.
  • Bogus charges on your bill. This happens when malicious software makes calls and sends texts to premium numbers.
  • Your battery runs down quickly. Malware is a resource burden, gulping down your battery’s juice faster than normal. 
  • Your contacts receive strange emails and texts from your phone. Mobile malware often spreads from one device to another by means of emails and texts containing malicious links.
  • Your phone is hot. A phone generally means the processor is being taxed by a lot of resource intensive activity. Malware? Possibly. The Loapi Trojan can push the processor to the point of overheating the phone, which makes the battery bulge, leaving your phone for dead.
  • Apps you didn’t download. Sometimes you download seemingly legitimate apps that have malware buried in the code. This malware, in turn, downloads other malicious apps. It helps to stick to trusted apps from known sources, but even the Google Play store itself has dozens of malicious apps sneak through every year.
  • Wi-Fi and Internet connections turn themselves on. This is another way malware propagates, ignoring your preferences and opening up infection channels.

Who does malware target?

The answer here is: Take your pick. There are billions of consumer-owned devices out there. They’re connected to banks, retail store accounts, and anything else worth stealing. It’s a broad attack surface for adware and spyware, keyloggers, and malvertising—as well as an attractive method for lazy criminals to create and distribute malware to as many targets as possible, with proportionately little effort.

“If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer.”

While not currently popular with cybercriminals, cryptominers seem to be equal opportunity about their targets, going after both individuals and businesses. Ransomware, on the other hand, targets businesses, hospitals, municipalities, and retail store systems in disproportionately greater numbers than consumers.

To repeat, not all of the apps available through Apple’s App Store and Google Play are desirable and the problem is even more acute with third-party app stores. While the app store operators try to prevent malicious apps from penetrating their site, some inevitably slip through. These apps can steal user information, attempt to extort money from users, try to access corporate networks to which the device is connected, and force users to view unwanted ads or engage in other types of unsanitary activity.

Шаг четвертый: Сброс браузеров

Чтобы окончательно удалить следы win32 и win64 malware gen, нужно зайти в «Settings» всех поисковых приложений.

Сброс Google Chrome проводится следующим образом:

  1. Кликнуть по значку в виде трех точек, расположенному в правом верхнем углу экрана, и выбрать третий снизу пункт раскрывающегося списка — «Settings».
  2. Спуститься в самый низ экрана и кликнуть по «Дополнительные».
  3. В разделе «Сброс настроек и удаление вредоносного ПО» выбрать подраздел «Восстановление настроек по умолчанию», после чего нажать на синюю интерактивную кнопку «Сбросить настройки».
  4. Перезагрузить ПК.

Сброс Opera осуществляется так:

Сбросить Mozilla Firefox проще всего. Надо зайти на сайт поддержки пользователей в раздел «Сброс настроек Firefox для поиска и устранения проблем», находясь в Фаерфокс, и щелкнуть по синей клавише «Очистить Firefox». Осуществить ребут.

Чтобы почистить стандартный Internet Explorer:

  1. Перейти на вкладку «Дополнительно».
  2. Выбрать пункт «Сброс параметров браузера» и тапнуть на «Сброс» — подтвердить действие 2 раза. Чтобы удалить личные сведения, потребуется отметить данный пункт, перед тем как нажать на «Сброс».
  3. Перезагрузить компьютер.

Теперь надо исправить ярлыки, расположенные на Desktop.

What is the history of malware?

Given the variety of malware types and the massive number of variants released into the wild daily, a full history of malware would comprise a list too long to include here. That said, a look at malware trends in recent decades is more manageable. Here are the main trends in malware development.

The 1980s and onward: The theoretical underpinning of “self-reproducing automata” (i.e., viruses) dates back to a lecture delivered in 1949 by 20th century Renaissance man John von Neumann. However, the history of modern viruses begins with a program called Elk Cloner, which started infecting Apple II systems in 1982. Disseminated by infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system, exploding so virulently that it can be considered the first large-scale computer virus outbreak in history. Note that this was prior to any Windows PC malware. Since then, viruses and worms have become widespread.

The 1990s: Microsoft Windows began its long run as the most popular OS in the world (not to be overtaken till Google’s Android many years later). As the Windows OS and its built-in applications grew in popularity, so too did the number of viruses written for the platform. In particular, malware authors started to write infectious code in the macro language of Microsoft Word. These macro viruses infected documents and templates rather than executable applications, although strictly speaking, the Word document macros are a form of executable code.

2002 to 2007: Instant messaging (IM) worms spread across popular IM networks, including AOL AIM, MSN Messenger, and Yahoo Messenger. Most attacks started with a social engineering ploy. Attackers might send out an IM that reads something like “Who’s with you in this picture?” or “OMG, I think you won the lottery!” along with a link to a malicious download. Once your system was infected, the IM worm would further propagate itself by sending malicious download links to everyone on your contact list.

2005 to 2009: Adware attacks proliferated, presenting unwanted advertisements to computer screens, sometimes in the form of a pop-up or in a window that users could not close. These ads often exploited legitimate software as a means to spread, but around 2008, software publishers began suing adware companies for fraud. The result was millions of dollars in fines. This eventually drove adware companies to shut down. Today’s tech support scams owe much to the adware of yesteryear, employing many of the same tricks as the old adware attacks; e.g., full screen ads that can’t be closed or exited.

2007 to 2009: Malware scammers turned to social networks such as Myspace as a channel for delivering rogue advertisements, links to phishing pages, and malicious applications. After Myspace declined in popularity, Facebook and Twitter became the preferred platforms.

2013: A new form of malware called ransomware launched an attack under the name CryptoLocker, which continued from early September 2013 to late May 2014, targeting computers running Windows. CryptoLocker succeeded in forcing victims to pay about $3 million in total, BBC News reported. Moreover, the ransomware’s success gave rise to an unending series of copycats.

2013 to 2017: Delivered through Trojans, exploits, and malvertising, ransomware became the king of malware, culminating in huge outbreaks in 2017 that affected businesses of all kinds.

2017: Cryptocurrency—and how to mine for it—has captured widespread attention, leading to a new malware scam called cryptojacking, or the act of secretly using someone else’s device to surreptitiously mine for cryptocurrency with the victims’ resources.

2018 to 2019: Ransomware made its big comeback. This time, however, cybercriminals shifted their focus from individual consumers to business targets. Riding a wave of GandCrab and Ryuk ransomware infections, attacks on businesses went up 365 percent from 2018 to 2019. As of this writing, there’s no indication the ransomware attacks will slow down.

How can I tell if I have a malware infection?

Malware can reveal itself with many different aberrant behaviors. Here are a few telltale signs that you have malware on your system:

  • Your computer slows down. One of malware’s side effects is to reduce the speed of your operating system (OS), whether you’re navigating the Internet or just using your local applications, usage of your system’s resources appears abnormally high. You might even notice your computer’s fan whirring away at full speed—a good indicator that something is taking up system resources in the background. This tends to happen when your computer has been roped into a botnet; i.e. a network of enslaved computers used to perform DDoS attacks, blast out spam, or mine cryptocurrency.
  • Your screen is inundated with annoying ads. Unexpected pop-up ads are a typical sign of a malware infection. They’re especially associated with a form of malware known as adware. What’s more, pop-ups usually come packaged with other hidden malware threats. So if you see something akin to “CONGRATULATIONS, YOU’VE WON A FREE PSYCHIC READING!” in a pop-up, don’t click on it. Whatever free prize the ad promises, it will cost you plenty.
  • Your system crashes. This can come as a freeze or a BSOD (Blue Screen of Death), the latter occurs on Windows systems after encountering a fatal error.
  • You notice a mysterious loss of disk space. This could be due to a bloated malware squatter, hiding in your hard drive aka bundleware.
  • There’s a weird increase in your system’s Internet activity. Take Trojans for example. Once a Trojan lands on a target computer, the next thing it does is reach out to the attacker’s command and control server (C&C) to download a secondary infection, often ransomware. This could explain the spike in Internet activity. The same goes for botnets, spyware, and any other threat that requires back and forth communication with the C&C servers.
  • Your browser settings change. If you notice your homepage changed or you have new toolbars, extensions, or plugins installed, then you might have some sort of malware infection. Causes vary, but this usually means you clicked on that “congratulations” pop-up, which downloaded some unwanted software.
  • Your antivirus product stops working and you cannot turn it back on, leaving you unprotected against the sneaky malware that disabled it. 
  • You lose access to your files or your entire computer. This is symptomatic of a ransomware infection. The hackers announce themselves by leaving a ransom note on your desktop or changing your desktop wallpaper itself in to a ransom note (see GandCrab). In the note, the perpetrators typically inform you that your data has been encrypted and demand a ransom payment in exchange for decrypting your files.

Even if everything seems to be working just fine on your system, don’t get complacent, because no news isn’t necessarily good news. Powerful malware can hide deep in your computer, evading detection, and going about its dirty business without raising any red flags. While we’ve provided a quick malware spotter’s guide, it really takes the unfaltering eye of a good cybersecurity program to detect malware on your system (more on that later).

Do mobile devices get malware?

Malware criminals love the mobile market. After all, smartphones are sophisticated, complex handheld computers. They also offer an entrance into a treasure trove of personal information, financial details, and all manner of valuable data for those seeking to make a dishonest dollar. 

The fact is, it’s a huge market (read: target). The GSMA, a trade body that represents mobile carriers, puts the number of mobile device users somewhere over 5 billion, worldwide. A quarter of these users own more than one device. Fraudsters find the mobile market very attractive and take advantage of a gigantic economy of scale to leverage their efforts.

Mobile users are often easier to target as well. Most do not protect their phones as diligently as they do their computers, failing to install security software or keep their operating systems up to date. It’s not entirely our fault. Apple, on average, supports their phones—meaning you can download the latest iOS—five years after the launch date. Android phones can be updated for about three years.

Infected mobile devices are a particularly insidious danger compared to a PC. Ironically, the “personal computer” isn’t personal anymore. Phones, conversely, go with us everywhere. As a society we’ve become so attached to our phones that there’s now an actual word for the fear we experience when we don’t have our phones: Nomophobia.

A hacked microphone and camera can record everything you see and say. A hacked GPS can broadcast your every move. Even worse, mobile malware can be used to evade the multi-factor authentication (MFA) many apps use to keep our data secure.

“The more popular Android platform attracts more malware than the iPhone.”

Keep in mind that cheap phones can come with malware pre-installed, which can be difficult to remove (Malwarebytes for Android is a big help here).

Regarding the mobile malware ecosystem, the two most prevalent smartphone operating systems are Google’s Android and Apple’s iOS. Android leads the market with 76 percent of all smartphone sales, followed by iOS with 22 percent of all smartphones sold. No big surprise then that the more popular Android platform attracts more malware than the iPhone. Let’s look at them each separately.

Оцените статью
Рейтинг автора
5
Материал подготовил
Илья Коршунов
Наш эксперт
Написано статей
134
Добавить комментарий