Malware attacks: Risks now come in new ways, even latching on to anti-viruses
Security has been a major source of concern for PC users this year. Malware such as Petya and WannaCry brought many organisations to a standstill for several days. WannaCry went on to affect 230,000 devices in 150 countries, while Petya affected over 2,000 organisations across the globe. The constantly evolving nature of malware makes containing it harder, and cyber criminals keep coming up with new ways to target users. Both these examples hint at new types of malware, the risks they pose and how one can avoid them.
The Computer Emergency Response Team (CERT), a security agency under the ministry of electronics and IT (MeitY), has issued a warning about an evolved version of Locky ransomware that is using spam emails to target users. US-based security firm AppRiver, which detected it first, points out that 23 million spam emails with Locky ransomware hidden in a zip file were sent to users in the US within a span of 24 hours last week. Once the file is clicked, the ransomware is installed and the infected computer is locked. Users are then asked to pay a ransom of 0.5 bitcoin (which amounts to $2,300) to decrypt the PC.
According to CERT, users should be more careful while checking new emails and should not click on any suspicious links or attachments. Users can also use anti-spam solutions to identify and block spam mails.
Security solutions company Symantec has come across a new spyware targeted at Indian users. The spyware opens a backdoor to install malware on users’ computers. Once installed, the malware can upload and download files, carry out backdoor processes, capture keystrokes, take screenshots and steal personal information on the compromised device without users’ consent or knowledge. Users should run full system scans regularly to ensure no new malware can go undetected. The spyware is being spread through web browsers. To ensure attackers are not able to exploit vulnerabilities in the browsers, users should rely on auto update or software distribution tools to install patches as soon as they are released.
Double Agent Attack
First reported by Israeli cyber security firm Cybellum, this malware targets the very anti-virus solution users are counting on to protect their device. It exploits a legitimate feature of the Windows OS called Microsoft Application Verifier, which is used as a runtime verification tool to discover and fix bugs in applications on the device. A hacker can use this tool to add a custom verifier to the app and take full control over it, even if it is an anti-virus app. According to Cybellum, anti-virus solutions such as Avast, AVG, Bitdefender, Trend Micro and Avira were vulnerable to the attack.
What makes it even more dangerous is that it doesn’t have to disable the anti-virus. It can continue to spy on the user, steal data or lock the device for ransom even with the anti-virus active. After the issue was reported by Cybellum, several anti-virus companies came up with security patches. Users should always use reliable anti-virus solutions instead of going with the cheapest available option.