Practical Techie: Joker — Dealing with malware booby traps
One does not even have to be connected to the internet to fall prey to malware. Disconcerting but true. In theory, hackers can use offline techniques to steal usernames, passwords, or any data stored in your browser. In practice, they do.
Malicious entry points include websites that spoof legitimate ones, and even an innocent-looking link in an email. In 2022, a new piece of malware is making the rounds. Joker allows hackers access to a user’s personal information by embedding itself in Android apps, overwriting the operating system’s notifications.
SALE — Cybersecurity becomes even more disconcerting when one realizes that malware is for sale on the Internet. Anyone can purchase commercially available hacking tools. Sleek cybercriminals know how to make an illegal buck on the side. They sell their expertise to colleagues who aren’t savvy or skilled enough to create their own malware.
It all happens on the Dark Web. Up for sale on underground storefronts and forums are many of the tools an attacker needs to mount a malicious campaign. Though some of these tools are pricey, others can be bought at bargain-basement prices. A report released by Privacy Affairs looks at the average cost for different malware. The offerings include cloned credit card PINs, stolen online banking logins, counterfeit banknotes, ripped-off driving licenses, or university student IDs.
MALWARE — Although browser hijacking malware isn’t new, variants have been causing concern recently. One is the pseudo browser ChromeLoader. This malware can creep onto computers and take over any installed internet navigator by changing settings and redirecting traffic to advertisement websites.
In a blog post, the security firm Red Canary explains that ChromeLoader injects itself into a device through pirated video games or movies. Pirated software isn’t only illegal but also comes with many security issues. Even some of the most powerful antivirus apps can’t detect all malware, which might remain dormant on your machine for a few months.
DETECT — The scariest thing is not knowing your device is infected until it’s too late. How can you at least tell whether a smartphone has been hacked? Various types of malware use data to spy on your activity and relay the information to the bad guys. The malware eats up a lot of resources, and the device has to work overtime to keep up. The phone begins running at a snail’s pace and suddenly becomes warm. Usage, or the running of heavy data streams, leads to an excessively hot phone.
Also, the battery drains constantly because background activity affects battery life, and the usual culprit is malware, which constantly runs even when you shut down everything else. What of sudden pop-ups? If pop-up ads and notifications appear, your phone is likely infected. The same goes for unwanted reminders and system warnings.
PROTECT — Remove any recent apps that may have acted as a Trojan horse for malware. Frequently check for malware to ensure that data isn’t being recorded while you enter it on a device. Install at least one anti-malware tool. Update automatically. Avoid public or unsecured WiFi, and avoid unofficial platforms for accessing music, movies, or video games. There is no way of telling what else has been bundled into such content. If you must log in to an account on a network you don’t trust, use a Virtual Private Network server to encrypt all communications.
It is not an expensive option. Delete Internet accounts you don’t use anymore. Avoid using a single password for multiple accounts. For this, use a password manager such as LastPass or KeePass. Both are free. Beware of fake online casinos, contests, or weird social networks. Avoid software that has been illegally copied and made available for free.
And so it goes. Anyone can have data stolen in many devious ways. The only counteroffensive is to make it much harder for the cybercriminals to do so and thus less worth the effort. The actions may feel complicated and burdensome, but once the user gets used to following them, they are like second nature.