As long as the Internet and computers exist, malware will remain a threat to vulnerable PCs and devices. Most of us rely on our PCs or related devices on a daily basis, from work to leisure. Although this is good for enhancing communication and even productivity, such a large number of Internet users can leave the door open for cyber criminals. Malware is one of the biggest threats to an online user, and it comes in many different shapes and forms. One of the newest weapons for cyber criminals is malware that steals credentials.
Understanding malware
Malware is short for “malicious software” and it is, essentially, a term for any software that is unintentionally installed on your machine that then performs unwanted or harmful tasks. In most cases, malware is used for the benefit of a third party. There are an increasingly large number of organized cybercrime rings. These rings net a lot of money when they are successful. What once began as a way to play pranks on others has turned into a lucrative business that is based on harming computers and devices that are at risk.
Malware comes in a variety of forms. Some types, such as pop-up advertisements, are much less dangerous than others, like Trojan viruses or worms. More robust malware programs can work quickly to steal passwords and related data, or to infect other machines that are on the same network. Furthermore, certain types of malware are specifically designed to send out information about your web-using habits to certain advertisers of third parties without you finding out.
Some of the most common categories of malware include:
- Viruses
- Spyware
- Adware
- Browser-hijacking software
Different types of malware can cause varying degrees of damage. For example, spyware is used to get information about your web browsing habits, which it then sends to third parties without your knowledge. A virus can be used to disable your computer’s entire operating system, along with deleting essential files and even reformatting your computer’s hard disk. As the name implies, browser-hijacking software is used to gain control over your Internet browser. Once the software is in control, it can change settings, create unwanted shortcuts on your desktop, display advertising pop-ups, and much more.
Credential-stealing malware
One of the newest additions to the cybercrime family is malware that is created to steal credentials. A recent example is a previously unknown variant of the infamous Sykipot malware family, which had been previously been used in cyber-spy attacks out of China. Researchers at AlienVault recently discovered that this new variant can also hijack credentials of a smart-card user.
Although it wasn’t discovered until very recently, studies have shown that this newest variant may have been in use since 2011, when it was noticed by researcher Jamie Blasco. Since its discovery, it has been seen in a number of attack samples. Blasco notes that although there is no information on whether or not previous attacks were successful, his own lab tried the variant and proved that it worked, making it likely that it was used to some degree in previous malware attacks.
Another case involves Pony botnet controller malware. In this instance, the malware was installed on unsuspecting PCs and mobile devices. As soon as it had installed itself, the malware was able to scan all existing software on the device for any stored credentials, which it then stole. In addition, it kept a watchful eye on web traffic and was able to steal login information for a number of different websites. Once it had collected these credentials, the malware sent them back to its command-and-control host.
As with other types of malware, one of the primary driving factors behind malware that steals credentials is for cybercriminals to sell them in bulk to buyers, who then generally used the credentials they have obtained to send out spam. These transactions can be very lucrative, especially for established organized crime rings.
Malware protection
One of the most effective ways to prevent against malware, including credential-stealing malware, is to fortify your computer or whatever device you are using. Having an updated and reliable form of security can help to identify and shoot down attempts before they have an opportunity to cause damage to your computer. You can ensure data safety with free malware protection software. However, once you install the software you will need to make sure that you are running the latest version and that any updates or upgrades have been completed.
One of the newest forms of malware – credential-stealing malware – can inflict a lot of damage on your computer in a short period of time. Although you can’t completely protect against such an attack, there are ways to fortify your computer or related device.
