12 common types of malware attacks and how to prevent them

by Emily Green
May 6, 2024
in Security & Scams


Malware is one of the biggest security threats facing businesses. Security departments must actively monitor networks to catch and contain malware before it can cause major damage. However, with malware, prevention is key. But to prevent an attack, it’s critical to first understand what malware is, along with the most common types of malware.

Attackers use malware, short for malicious software, to deliberately damage and infect devices and networks. The umbrella term includes many subcategories, including the following:

Viruses. Worms. Ransomware. Bots. Trojan horses. Keyloggers. Rootkits. Spyware. Fileless malware. Cryptojacking. Wiper malware. Adware.

Let’s examine each in more detail.

Malware comes in many forms, including adware, ransomware, and worms.

1. Viruses

A computer virus infects devices and replicates itself across systems. Viruses require human intervention to reproduce. Once users download the malicious code onto their devices – often delivered via malicious ads or phishing emails – the virus spreads throughout their systems. Viruses can change computer functions and applications; copy, delete and exfiltrate data; encrypt data to perform ransomware attacks; and conduct DDoS attacks.

First detected in 2006, the Zeus virus is still used by threat actors today. Attackers use it to create botnets and as a banking Trojan to steal victims’ financial data. Zeus’ creators released the malware’s source code in 2011, allowing threat actors to create updated and more threatening versions of the original virus.

2. Worms

A computer worm self-replicates and infects other computers without human intervention. This malware inserts itself into devices via security vulnerabilities or malicious links or files. Once inside, worms look for network devices to attack. Worms often go unnoticed by users, usually disguised as legitimate work files.

WannaCry, also a form of ransomware, is one of the most famous worms. The malware took advantage of the EternalBlue vulnerability in outdated versions of Windows’ Server Message Block protocol. In its first year, the worm spread to 150 countries. The following year, it infected nearly 5 million devices.

3. Ransomware

Ransomware locks or encrypts files or devices and forces victims to pay a ransom in exchange for regaining access. While ransomware and malware are often used synonymously, ransomware is a specific form of malware.

Common types of ransomware include the following:

  • Locker ransomware completely locks users out of their devices.
  • Crypto ransomware encrypts all or some files on a device.
  • Extortionware involves attackers stealing data and threatening to publish it unless a ransom is paid.
  • Double extortion ransomware encrypts and exfiltrates users' files. In this way, attackers can potentially receive payments from the ransom and/or the sale of the stolen data.
  • Triple extortion ransomware adds a third layer to a double extortion attack, for example a DDoS attack, to potentially demand a third payment.
  • Ransomware as a Service, also known as RaaS, enables affiliates or customers to rent ransomware. In this subscription model, the ransomware developer receives a percentage of each ransom paid.

Known ransomware variants include REvil, WannaCry and DarkSide, the strain used in the Colonial Pipeline attack.

Backing up data has long been the best defense against ransomware. With a proper backup, victims can restore their files from a known-good version. However, with the rise of ransomware, organizations must follow other measures to protect their assets from ransomware, such as implementing advanced protection technologies and antimalware.

4. Bots

A bot is a self-replicating malware that spreads itself to other devices, creating a network of bots or a botnet. Once infected, devices perform automated tasks commanded by the attacker. Botnets are often used in DDoS attacks. They can also perform keylogging and send phishing emails.

Mirai is a classic example of a botnet. This malware, which launched a massive DDoS attack in 2016, continues to target IoT and other devices today. Research also shows that botnets have flourished during the COVID-19 pandemic. Infected consumer devices — common targets of Mirai and other botnets — used by employees for work or on the networks of employees working from home on company-owned devices enable the malware to spread to corporate systems.

5. Trojan horses

A Trojan horse is malicious software that appears legitimate to users. Trojans rely on social engineering techniques to invade devices. Once inside a device, the Trojan's payload – malicious code – is installed to facilitate the exploitation. Trojans give attackers backdoor access to a device, perform keylogging, install viruses or worms, and steal data.

Remote Access Trojans (RATs) allow attackers to take control of an infected device. Once inside, attackers can use the infected device to infect other devices with the RAT and create a botnet.

An example of a Trojan is Emotet, which was first discovered in 2014. Despite a global takedown at the start of 2021, attackers rebuilt Emotet and it continues to help threat actors steal victims’ financial information.

6. Keyloggers

A keylogger is surveillance malware that monitors keystroke patterns. Threat actors use keyloggers to obtain victims’ usernames and passwords and other sensitive data.

Keyloggers can be hardware or software. Hardware keyloggers are manually installed into keyboards. After a victim uses the keyboard, the attacker must physically retrieve the device. Software keyloggers, on the other hand, do not require physical access. They are often downloaded by victims via malicious links or attachments. Software keyloggers record keystrokes and upload the data to the attacker.

The Agent Tesla keylogger first emerged in 2014. The spyware RAT continues to plague users, with its latest versions not only logging keystrokes but also taking screenshots of victims’ devices.

Password managers help prevent keylogger attacks because users do not have to physically enter their usernames and passwords, thus preventing a keylogger from recording them.

7. Rootkits

A rootkit is malicious software that allows threat actors to remotely access and control a device. Rootkits facilitate the spread of other types of malware, including ransomware, viruses and keyloggers.

Rootkits often go undetected because once inside a device, they can disable antimalware and antivirus software. Rootkits usually enter devices and systems through phishing emails and malicious attachments.

To detect rootkit attacks, cybersecurity teams must analyze network behavior. Set alerts, for example, if a user who regularly logs in at the same time and place every day suddenly logs in at a different time or location.
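The login alert described above can be prototyped as a per-user baseline check. This is an added example, not code from the original article; the log format, user names, locations and the `MIN_HISTORY` and `HOUR_TOLERANCE` thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

MIN_HISTORY = 5      # assumed: logins needed before a baseline is trusted
HOUR_TOLERANCE = 1   # assumed: allowed drift, in hours, around usual login times

def parse_event(line):
    """Parse 'ISO-timestamp user location' (constructed format, not a real log schema)."""
    ts, user, location = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), user, location

def build_baseline(lines):
    """Collect the hours and locations each user normally logs in from."""
    baseline = defaultdict(lambda: {"hours": set(), "locations": set(), "count": 0})
    for line in lines:
        when, user, location = parse_event(line)
        profile = baseline[user]
        profile["hours"].add(when.hour)
        profile["locations"].add(location)
        profile["count"] += 1
    return dict(baseline)

def hour_is_usual(hour, usual_hours, tolerance=HOUR_TOLERANCE):
    """Compare on a 24-hour circle so 23:00 and 00:00 count as one hour apart."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in usual_hours)

def check_login(baseline, line):
    """Return the alert reasons for one login; an empty list means no alert."""
    when, user, location = parse_event(line)
    profile = baseline.get(user)
    if profile is None or profile["count"] < MIN_HISTORY:
        # Too little history to judge: report it instead of guessing.
        return ["insufficient_baseline"]
    reasons = []
    if not hour_is_usual(when.hour, profile["hours"]):
        reasons.append("unusual_time")
    if location not in profile["locations"]:
        reasons.append("unusual_location")
    return reasons

# Constructed history: alice logs in around 09:00 from the London office.
HISTORY = [
    "2024-04-29T08:58:12 alice London",
    "2024-04-30T09:03:40 alice London",
    "2024-05-01T09:01:05 alice London",
    "2024-05-02T08:55:51 alice London",
    "2024-05-03T09:10:27 alice London",
    "2024-05-03T14:00:00 bob Leeds",
]

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for line in [
        "2024-05-06T09:04:19 alice London",     # matches the baseline
        "2024-05-06T03:12:44 alice London",     # usual place, unusual hour
        "2024-05-07T09:02:00 alice Singapore",  # usual hour, new location
    ]:
        print(line, "->", check_login(baseline, line) or "ok")
```

A user with too little history returns `insufficient_baseline` rather than an alert, so new accounts can be routed to a separate review queue.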

The first rootkit, NTRootkit, appeared in 1999. Hacker Defender, one of the most widely deployed of the 2000s, was released in 2003.

8. Spyware

Spyware is malware that downloads onto a device without the user’s knowledge. It steals users’ data to sell to advertisers and external users. Spyware can detect credentials and obtain bank details and other sensitive data. It infects devices through malicious apps, links, websites and email attachments. Mobile spyware, which can spread via SMS and Multimedia Messaging Service, is particularly harmful because it tracks a user’s location and accesses the device’s camera and microphone. Adware, keyloggers, Trojans and mobile spyware are all forms of spyware.

Pegasus is a mobile spyware that targets iOS and Android devices. It was first discovered in 2016, when it was linked to Israeli technology vendor NSO Group. In November 2021, Apple filed a lawsuit against the seller for attacking Apple customers and products. Pegasus has also been linked to the assassination of Saudi journalist Jamal Khashoggi in 2018.

Spyware includes four main threats: adware, keyloggers, Trojans, and mobile spyware.

9. Fileless malware

Fileless malware, unlike traditional malware, does not involve attackers installing code on victims' hard drives. Instead, it uses living-off-the-land techniques to take advantage of legitimate and presumably safe tools, including PowerShell, Microsoft macros, and WMI, to infect a victim's systems. Fileless malware resides in computer memory. Without an executable file, it can evade file- and signature-based detection tools, such as antivirus and antimalware.

Note that fileless malware may have files, but the attacks leave no files behind after the attack is complete, making attribution difficult.

Frodo, Emotet and Sorebrect are examples of fileless malware.

10. Cryptojacking

Cryptomining – the process of verifying transactions within a blockchain – is highly profitable but requires immense processing power. Miners are rewarded for each blockchain transaction they validate. Malicious cryptomining, known as cryptojacking, allows threat actors to use an infected device's resources, including electricity and computing power, to perform this verification. This can lead to performance degradation of the infected device and loss of money due to stolen resources.

Coinhive, Vivin, XMRig Lucifer, WannaMine and RubyMiner are examples of cryptomining malware.

11. Wiper malware

Also known as wiperware or data wipers, this malware is often categorized as a type of ransomware. Like ransomware, its purpose is to block access to the victim’s data. Unlike ransomware, it destroys the data rather than holding it for a ransom. The goal of wiper malware attacks is not financial gain, but to wipe data. Malicious actors often use wiper malware to cover their tracks after an attack.

NotPetya, Azov, HermeticWiper and WhisperGate are examples of wiper malware.

12. Adware

Adware is software that displays or downloads unwanted advertisements, typically in the form of banners or pop-ups. It collects web browser history and cookies to target users with specific ads.

Not all adware is malicious. Software developers use legitimate adware – with users’ permission – to offset developer fees. However, malicious adware displays ads that can lead to infection if clicked.

Threat actors use vulnerabilities to infect operating systems and insert malicious adware into existing applications. Users can also download apps that are already corrupted with adware. Alternatively, adware can be included in a software bundle when a legitimate application is downloaded or pre-installed on a device, also known as bloatware.

Fireball, Gator, DollarRevenue and OpenSUpdater are examples of adware.

How to prevent malware attacks

Strong cybersecurity hygiene is the best defense against malware attacks. The premise of cyber hygiene is similar to that of personal hygiene: If an organization maintains a high level of health (security), it avoids getting sick (attacked).

Cyber hygiene practices that prevent malware attacks include the following:

Conduct regular security awareness trainings to teach employees the dangers of the different types of malware and to be careful when clicking on links and downloading files.
