All About Malware

You know how every year the medical community campaigns for everyone to get a flu shot? That’s because flu outbreaks typically have a season—a time of year when they start spreading and infecting people.
In contrast, there are no predictable seasonal infections for PCs, smartphones, tablets, and enterprise networks. For them, it’s always flu season. But instead of suffering chills and body aches, users can fall ill from a kind of machine malady—malware.

Malware infections come at us like a torrent of water from a fire hose, each with its own methods of attack—from stealthy and sneaky to subtle like a sledgehammer. But if knowledge is power, as a preventative inoculation against infection, we offer here a short course on malware, what it is, its symptoms, how you get it, how to deal with it, and how to avoid it in the future.

What is malware?

Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems.

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.

Malware is all about making money off you illicitly. Although malware cannot damage the physical hardware of systems or network equipment (with one known exception—see the Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.

How can I tell if I have a malware infection?

Malware can reveal itself with many different aberrant behaviors. Here are a few telltale signs that you have malware on your system:

• Your computer slows down. One of malware’s main effects is to reduce the speed of your operating system, whether you’re navigating the Internet or just using your local applications.
• A tidal wave of annoying ads that shouldn’t be there washes over your screen. Unexpected pop-up ads are a typical sign of a malware infection. They’re especially associated with a form of malware known as adware. What’s more, pop-ups usually come packaged with other hidden malware threats. So if you see something akin to “CONGRATULATIONS, YOU’VE WON A FREE PSYCHIC READING!” in a pop-up, don’t click on it. Whatever free prize the ad promises, it will cost you plenty.
• Your system repeatedly crashes, freezes, or displays a BSOD (Blue Screen of Death), which can occur on Windows systems after encountering a fatal error.
• You notice a mysterious loss of disk space, probably due to a bloated malware squatter which hides in your hard drive.
• There’s a weird increase in your system’s Internet activity.
• Usage of your system resources is abnormally high and your computer’s fan starts whirling away at full speed—signs of malware activity taking up system resources in the background.
• Your browser’s homepage changes without your permission. Similarly, links you click send you to an unwanted web destination. This usually means you clicked on that “congratulations” pop-up, which downloaded some unwanted software. Likewise, your browser might slow to a crawl.
• New toolbars, extensions, or plugins unexpectedly populate your browser.
• Your antivirus product stops working and you cannot update it, leaving you unprotected against the sneaky malware that disabled it.
• Then there’s the painfully obvious, intentionally non-stealthy malware attack. This famously happens with ransomware, which announces itself, tells you it has your data, and demands a ransom to return your files.   
• Even if everything seems to be working just fine on your system, don’t get complacent, because no news isn’t necessarily good news. Powerful malware can hide deep in your computer, going about its dirty business without raising any red flags as it snags your passwords, steals sensitive files, or uses your PC to spread to other computers.

How do I get malware?

The recipe for a malware infection calls for a long list of ingredients. Topmost are the two most common ways that malware accesses your system—the Internet and email. So basically, anytime you’re connected online.

Malware can penetrate your computer when (deep breath now) you surf through hacked websites, click on game demos, download infected music files, install new toolbars from an unfamiliar provider, set up software from a dicey source, open a malicious email attachment (malspam), or pretty much everything else you download from the web onto a device that lacks a quality anti-malware security application.

Malicious apps can hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of a secure app store. Here it’s important to look at the warning messages when installing applications, especially if they seek permission to access your email or other personal information.

Bottom line, it’s best to stick to trusted sources for mobile apps, only installing reputable third-party apps, and always downloading those apps directly from the vendor—and never from any other site. All in all, there is a world of bad actors out there, throwing tainted bait at you with an offer for an Internet accelerator, new download manager, hard disk drive cleaner, or an alternative web search service.

Malware attacks would not work without the most important ingredient: you. That is, a gullible version of you, willing to open up an email attachment you don’t recognize, or to click and install something from an untrustworthy source. And don’t take this as “click-shaming,” because even very experienced people have been tricked into installing malware.

Even if you install something from a credible source, if you don’t pay attention to the permission request to install other bundled software at the same time, you could be installing software you don’t want. This extra software, also known as a potentially unwanted program (PUP), is often presented as a necessary component, but it often isn’t.

Another wrinkle is a bit of social engineering that a Malwarebytes expert observed in the UK. The scam hit mobile users by taking advantage of a common mobile direct-to-bill payment option. Users visited mobile sites, unwittingly tripping invisible buttons that charge them via their mobile numbers, directly billing the victims’ networks, which pass the cost onto their bill.

To be fair, we should also include a blameless malware infection scenario. Because it’s even possible that just visiting a malicious website and viewing an infected page and/or banner ad will result in a drive-by malware download.

On the other hand, if you’re not running an adequate security program, the malware infection and its aftermath are still on you.

What are the most common forms of malware?

Here are the most common offenders in the rogues’ gallery of malware:

• Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Typically, it uses an underhanded method to either disguise itself as legitimate, or piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.
• Spyware is malware that secretly observes the computer user’s activities without permission and reports it to the software’s author.
• A virus is malware that attaches to another program and, when executed—usually inadvertently by the user—replicates itself by modifying other computer programs and infecting them with its own bits of code.
• Worms are a type of malware similar to viruses, self-replicating in order to spread to other computers over a network, usually causing harm by destroying data and files.
• A Trojan, or Trojan horse, is one of the most dangerous malware types. It usually represents itself as something useful in order to trick you. Once it’s on your system, the attackers behind the Trojan gain unauthorized access to the affected computer. From there, Trojans can be used to steal financial information or install threats like viruses and ransomware.
• Ransomware is a form of malware that locks you out of your device and/or encrypts your files, then forces you to pay a ransom to get them back. Ransomware has been called the cyber criminal’s weapon of choice because it demands a quick, profitable payment in hard-to-trace cryptocurrency. The code behind ransomware is easy to obtain through online criminal marketplaces and defending against it is very difficult.
• Rootkit is a form of malware that provides the attacker with administrator privileges on the infected system. Typically, it is also designed to stay hidden from the user, other software on the system, and the operating system itself.
• A keylogger is malware that records all the user’s keystrokes on the keyboard, typically storing the gathered information and sending it to the attacker, who is seeking sensitive information like usernames, passwords, or credit card details.
• Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is an increasingly prevalent malware usually installed by a Trojan. It allows someone else to use your computer to mine cryptocurrency like Bitcoin or Monero. So instead of letting you cash in on your own computer’s horsepower, the cryptominers send the collected coins into their own account and not yours. Essentially, a malicious cryptominer is stealing your resources to make money.
• Exploits are a type of malware that takes advantage of bugs and vulnerabilities in a system in order to allow the exploit’s creator to take control. Among other threats, exploits are linked to malvertising, which attacks through a legitimate site that unknowingly pulls in malicious content from a bad site. Then the bad content tries to install itself on your computer in a drive-by download. No clicking is necessary. All you have to do is visit a good site on the wrong day.

What is the history of malware?

Given the variety of malware types and the massive number of variants released into the wild daily, a full history of malware would comprise a list too long to include here. That said, a look at malware trends in recent decades is more manageable. Here are the main trends in malware development.

The 1980s and onward: The theoretical underpinning of “self-reproducing automata” (i.e., viruses) dates back to an article published in 1949, and early viruses occurred on pre-personal computer platforms in the 1970s. However, the history of modern viruses begins with a program called Elk Cloner, which started infecting Apple II systems in 1982. Disseminated by infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system, exploding so virulently that it can be considered the first large-scale computer virus outbreak in history. Note that this was prior to any Windows PC malware. Since then, viruses and worms have become widespread.

The 1990s: The Microsoft Windows platform emerged this decade, along with the flexible macros of its applications, which led malware authors to write infectious code in the macro language of Microsoft Word and other programs. These macro viruses infected documents and templates rather than executable applications, although strictly speaking, the Word document macros are a form of executable code.

2002 to 2007: Instant messaging worms—self-replicating malicious code spread through an instant messaging network—take advantage of network loopholes to spread on a massive scale, infecting the AOL AIM network, MSN Messenger, and Yahoo Messenger, as well as corporate instant messaging systems.

2005 to 2009: Adware attacks proliferated, presenting unwanted advertisements to computer screens, sometimes in the form of a pop-up or in a window that users could not close. These ads often exploited legitimate software as a means to spread, but around 2008, software publishers began suing adware companies for fraud. The result was millions of dollars in fines. This eventually drove adware companies to shut down.

2007 to 2009: Malware scammers turned to social networks such as MySpace as a channel for delivering rogue advertisements, redirects, and offers of fake antivirus and security tools. Their ploys were designed to dupe consumers through social engineering tricks. After MySpace declined in popularity, Facebook and Twitter became the preferred platforms. Common tactics included presenting fake links to  phishing pages and promoting Facebook applications with malicious extensions. As this trend tapered down, scammers explored other means to steal.

2013: A new form of malware called ransomware launched an attack under the name CryptoLocker, which continued from early September 2013 to late May 2014, targeting computers running Windows. CryptoLocker succeeded in forcing victims to pay about $27 million by the last quarter of 2013. Moreover, the ransomware’s success spawned other similarly named ransomware. One copycat variant netted more than $18 million from about 1,000 victims between April 2014 and June 2015.

2013 to 2017: Delivered through Trojans, exploits, and malvertising, ransomware became the king of malware, culminating in huge outbreaks in 2017 that affected businesses of all kinds. Ransomware works by encrypting the victim’s data, then demanding payments to release it.

2017 to Present: Cyptocurrency—and how to mine for it—has captured widespread attention, leading to a new malware scam called cryptojacking, or the act of secretly using someone else’s device to surreptitiously mine for cryptocurrency with the victims’ resources.

Do Macs get malware?

Conventional wisdom has sometimes held that Macs and iPads are immune to catching viruses (and don’t need an antivirus). For the most part, that’s true. At the very least, it hasn’t happened in a long time.

Other kinds of malware are a different story. Mac systems are subject to the same vulnerabilities (and subsequent symptoms of infection) as Windows machines and cannot be considered bulletproof. For instance, the Mac’s built-in protection against malware doesn’t block all the adware and spyware bundled with fraudulent application downloads. Trojans and keyloggers are also threats. The first detection of ransomware written specifically for the Mac occurred in March 2016, when a Trojan-delivered attack affected more than 7,000 Mac users.

In fact, Malwarebytes saw more Mac malware in 2017 than in any previous year. By the end of 2017, the number of new unique threats that our professionals counted on the Mac platform was more than 270 percent higher compared to the number noted in 2016.

For more on the state of Mac malware, visit the Malwarebytes blog site here.

Do mobile devices get malware?

Malware criminals love the mobile market. After all, smartphones are sophisticated, complex handheld computers. They also offer an entrance into a treasure trove of personal information, financial details, and all manner of valuable data for those seeking to make a dishonest dollar.

Unfortunately, this has spawned an exponentially increasing number of malicious attempts to take advantage of smartphone vulnerabilities. From adware, Trojans, spyware, worms, and ransomware, malware can find its way onto your phone in a number of ways. Clicking on a dodgy link or downloading an unreliable app are some obvious culprits, but you can also get infected through emails, texts, and even your Bluetooth connection. Moreover, malware such as worms can spread from one infected phone to another.

The fact is, it’s a huge market (read: target). One source of statistics puts the number of mobile device users at 2.1 billion, worldwide—with a projected growth to 2.5 billion users by 2019. A quarter of these users own more than one device. Fraudsters find the mobile market very attractive and take advantage of a gigantic economy of scale to leverage their efforts.

Mobile users are often easier to target as well. Most do not protect their phones as diligently as they do their computers, failing to install security software or keep their operating systems up to date. Because of this, they are vulnerable to even primitive malware. Since mobile devices’ screens are small and users can’t easily see activity, the typical red-flag behaviors that signal an infection in a PC can run behind the scenes in stealth mode, as is the case with spyware.

Infected mobile devices are a particularly insidious danger compared to a PC. A hacked microphone and camera can follow your every move and conversation. Even worse, mobile banking malware intercepts incoming calls and text messages to evade the two-step authentication security many banking apps use.

Keep in mind that cheap phones can come with malware pre-installed, which are nearly impossible to clean. ( Malwarebytes for Android will warn you of such pre-installed malware and provide instructions on how to remove it.)

Regarding the mobile malware ecosystem, the two most prevalent smartphone operating systems are Google’s Android and Apple’s iOS. Android leads the market with 80 percent of all smartphone sales, followed by iOS with 15 percent of all smartphones sold. No big surprise then that the more popular Android platform attracts more malware than the iPhone. Let’s look at them each separately.

How can I tell if my Android device has malware?

Fortunately, there are a few unmistakable red flags that wave at you if your Android phone is infected. You may be infected if you see any of the following:

• A sudden appearance of pop-ups with invasive advertisements. If they appear out of nowhere and send you to sketchy websites, you’ve probably installed something that hides adware within it. So don’t click on the ad.
• A puzzling increase in data usage. Malware chews up your data plan by displaying ads and sending out the purloined information from your phone.
• Bogus charges on your bill. This happens when malicious software makes calls and sends texts to premium numbers.
• A disappearing battery charge. Malware is a resource burden, gulping down your battery’s juice faster than normal.
• People on your contact list report strange calls and texts from your phone. Malware replicates by spreading from one device to another by means of emails and texts, inviting them to click on the infected link it displays.
• A phone that heats up while performance lags. For instance, there’s even a Trojan out there that invades Android phones with an installer so nefarious, that it can tax the processor to the point of overheating the phone, which makes the battery bulge, and essentially leaves your Android for dead.
• Surprise apps on your screen. Sometimes you download apps that have malware piggybacked onto them for a stealthy installation. That happens because Android allows users to jump straight from Google Play to other marketplaces, like Amazon, which might have let a malware maker slip through.
• Your phone turns on WiFi and Internet connections on its own. This is another way malware propagates, ignoring your preferences and opening up infection channels.
• Further down, we’ll touch upon what you should do if your Android is infected. Plus, here’s a Malwarebytes blog article on securing your privacy on an Android.

How can I tell if my iPhone or iPad has malware?

If your smartphone’s name begins with a lower-case “i,” then pat yourself on the back, because malware is not a significant issue on the iPhone. That is not to say it doesn't exist, but it's extremely rare. In fact, suffering a malware infection on an iPhone mostly only happens in two extraordinary circumstances.

The first consists of a targeted attack by a nation-state-level adversary—a government that has either created or purchased at a cost of millions of dollars a piece of malware engineered to take advantage of some obscure security hole in the iOS. Don’t be shocked, because all devices have some sort of vulnerability. To be sure, Apple has done a fine job of securing iOS, even preventing any apps (including security software) from scanning the phone or other apps on the device’s system. That’s why it’s so expensive to engineer malware that installs its code for whatever kind of remotely executed activity the offending nation-state needs.

One particularly noteworthy instance happened in 2016 when an internationally recognized human rights defender, based in the United Arab Emirates (UAE), received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails. The targeted recipient was invited to click on an included link. He didn’t, but instead sent the message to cybersecurity researchers, who identified it as containing an exploit that would have turned the activist’s phone into a digital spy.

The second instance is when a user makes an iPhone vulnerable by means of jailbreaking, which removes the restrictions and limitations Apple imposes, chiefly to ensure that software apps can only be installed from the App Store. Apple carefully vets the app developers it carries, even though malware piggybacking on a legitimate app has happened.

One more point. While outright malware infections are unlikely, using an iPhone doesn’t protect you at all against scam phone calls or scam text messages. If you tap a link in a message from an unknown source (or someone you know who’s being impersonated, or “spoofed”), it could send you to a site that asks for your login and other personal information. So there are still plenty of ways that you can become a victim. Always proceed with caution.

Who does malware target?

The answer here is: take your pick. There are billions of consumer-owned devices out there. They’re connected to banks, retail store accounts, and anything else worth stealing. It’s a broad attack surface for adware and spyware, keyloggers, and malvertising—as well as an attractive method for lazy criminals to create and distribute malware to as many targets as possible, with proportionately little effort.

Cyptominers and ransomware purveyors seem to be equal opportunity about their targets. Individuals fall victim to these two, as do corporate businesses, hospitals, municipalities, and retail store systems.

Also, it's not just consumers that mobile spyware criminals target. If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer through vulnerabilities in mobile devices. Moreover, your corporation’s incident response team may not detect breaches that originate through a mobile device’s use of corporate email.

To repeat, not all of the apps available through Apple's App Store and Google Play are desirable and the problem is even more acute with third-party app stores. While the app store operators try to prevent malicious apps from penetrating their site, some inevitably slip through. These apps can steal user information, attempt to extort money from users, try to access corporate networks to which the device is connected, and force users to view unwanted ads or engage in other types of unsanitary activity.

How can I remove malware?

If you suspect malware—or you just want to be careful— there are a few steps you should take.

First, if you don’t already have one, download a legitimate  anti-malware program, such as  Malwarebytes for Windows,  Malwarebytes for Mac,  Malwarebytes for Android or Malwarebytes for Chromebook, Next, install it and run a scan. Programs like these are designed to search out and eliminate any malware on your device.

Once the device is clean, it’s a good idea to change your passwords, not only for your PC or mobile device, but also your email, your social media accounts, your favorite shopping sites, and your online banking and billing centers.

If your iPhone has somehow become infected with something nasty, things are a little trickier. Apple does not permit scans of either the iPhone’s system or other files. Your only option is to wipe your phone with a factory reset, then restore it from your backup (which you have, right?). You can also consider using security software that can screen and block scam calls and texts, such as Malwarebytes for iOS.

How can I protect myself from malware?

Stay vigilant. Pay particular attention if you see a domain name that ends in an odd set of letters, i.e., something other than com, org, edu, or biz, to name a few, as they can be an indicator for risky websites.

For all your devices, pay close attention to the early signs of malware infection to prevent them from burrowing in.

Avoid clicking on pop-up ads while browsing the Internet. Stay away from opening unsolicited email attachments or downloading software from untrustworthy websites or peer-to-peer file transfer networks.

Make sure your operating system, browsers, and plugins are always up to date, because keeping your software patched can keep online criminals at bay.

For mobile users, only download apps from Google Play Store (the App Store is the iPhone’s only choice). Every time you download an app, check the ratings and reviews first. If it has a low rating and a low number of downloads, it is best to avoid that app.

Do not download apps from third-party sources. The best way to make sure of this is to turn off this function on your Android phone. Go to Settings on your Android device and open up the Security section. Here, make sure Unknown Sources is disabled to avoid installation of apps from marketplaces other than the Play Store.

Do not click on strange, unverified links in emails, texts, and WhatsApp messages of unknown origin. Strange links from friends and contacts should be avoided too unless you have verified it to be safe.

To keep their businesses safe, organizations can prevent malicious apps from threatening their networks by creating strong mobile security policies and by deploying a mobile security solution that can enforce those policies. This is vital in the business environment that exists today—with multiple operating systems at work under multiple roofs.

Finally, get yourself a good anti-malware program. It should include layered protection (the ability to scan and detect malware such as adware and spyware while maintaining a proactive real-time defense that can block threats such as ransomware). Your security program should also provide remediation to correct any system changes from the malware it cleans, so everything goes back to normal.

So before you take a hit on your PC, mobile, or enterprise network, hit back first by downloading a quality  cybersecurity and antivirus program, such as  Malwarebytes for Windows,  Malwarebytes for Mac,  Malwarebytes for Android, Malwarebytes for Chromebook, Malwarebytes for iOS, portable Malwarebytes, or one of  Malwarebytes' business products. (It’s a good idea to get that flu shot too!)

How does malware affect my business?

Malware attacks on businesses went up 55 percent in the second half of 2018 with banking Trojans and ransomware proving to be the most popular types of attacks. Specifically, Trojan attacks on businesses rose 84 percent while ransomware attacks went up 88 percent.

So why are cybercriminals bullish on business attacks? The answer is simple: businesses present a broader attack surface and more bang for the buck. In one noteworthy example, the Emotet banking Trojan hobbled critical systems in the City of Allentown, PA, requiring help from Microsoft’s incident response team to clean up and racking up remediation costs to the tune of $1 million.

In another example, the SamSam ransomware brought the City of Atlanta to its knees by taking down several essential city services—including revenue collection. Ultimately, the SamSam attack cost Atlanta $2.6 million to remediate.

While Emotet and SamSam grab the headlines, the majority of ransomware cases as of late have been the result of GandCrab. First detected in January of 2018, the GandCrab ransomware has already gone through several iterations as its authors try to avoid detection and strengthen encryption. It’s been estimated GandCrab has already netted its authors somewhere around $300 million in paid ransoms, with individual ransoms set from $600 to $700,000.

Considering the tremendous cost associated with a malware attack, and the current rise of ransomware and banking Trojans in particular, here’s some tips on how to protect your business from malware.

• Implement network segmentation. Spreading your data onto smaller subnetworks reduces your attack surface—smaller targets are harder to hit. This can help contain a breach to only a few endpoints instead of your entire infrastructure.
• Enforce the principle of least privilege (PoLP). In short, give users the access level they need to do their jobs and nothing more. Again, this helps to contain damages from breaches or ransomware attacks.
• Backup all your data. This goes for all the endpoints on your network and network shares too. As long as your data is archived, you can always wipe an infected system and restore from a backup.
• Educate end users on how to spot malspam. Users should be wary of unsolicited emails and attachments from unknown senders. When handling attachments, your users should avoid executing executable files and avoid enabling macros on Office files. When in doubt, reach out. Train end users to inquire further if suspicious emails appear to be from a trusted source. One quick phone call or email goes a long way towards avoiding malware.
• Educate staff on creating strong passwords and implement some form of multi-factor authentication (MFA)—two-factor authentication at a bare minimum.
• Patch and update your software. Microsoft releases security updates the second Tuesday of every month and many other software makers have followed suit. Stay in the loop on important security updates by subscribing to the Microsoft Security Response Center blog. Expedite the patch process by launching updates at each endpoint from one central agent, as opposed to leaving it up to each end user to complete on their own time.
• Get rid of end of abandonware. Sometimes it’s hard to get rid of old software that’s past its expiration date—especially at a large business where the purchasing cycle moves with the urgency of a sloth, but discontinued software is truly the worst-case scenario for any network or system administrator. Cybercriminals actively seek out systems running outdated and obsolete software so replace it as soon as possible.
• Get proactive about endpoint protection. Malwarebytes, for example, has multiple options for your business with Endpoint Protection, Endpoint Security, and Endpoint Protection and Response.