What is Malware & Why Is It So Dangerous?
Table of Contents
- What is Malware?
- Are Personal Computers (PC) Safe from Malware?
- Are Macs Safe from Malware?
- Are Android Devices Safe from Malware?
- Are iPhones and iPads Safe from Malware?
- What are Signs My Device is Infected with Malware?
- How to Protect Yourself Against Malware
- Types of Malware Attacks
- By David Lukic
- Apr 12, 2021
Unfortunately, these days everyone needs to be aware of what malware is and what you need to do to stay safe. Not only does malware threaten your privacy and security and the health of your devices and networks it can also compromise your identity. So, continue reading this article to learn about what malware is and all the different types of it.
What is Malware?
Malware is short for “malicious software,” and it is delivered in a variety of ways. Malware is probably the number one cybersecurity concern for most businesses and Americans right now. You can often infect your computer, network, or device by clicking a link in a phishing (fake) email.
Cybercriminals develop various types of malware to do different things. Usually, they try to install it on your device without your knowledge, and then the payload is delivered. Some examples of malware are viruses, spyware, Trojans, and ransomware.
Malware affects all operating systems, including Windows, macOS, Android, and iOS. However, Windows and Android are more susceptible to malware than the Apple ecosystem. It also attacks the broader “internet-of-things,” which refers to all devices with access to the internet outside of phones and computers.
In 2018 ransomware increased by 33% from the previous year. It is becoming a major concern for companies and cybersecurity threat researchers.
Are Personal Computers (PC) Safe from Malware?
Let’s start by saying that no system is safe from threats. Windows experiences a much larger number of malware attacks each year than Apple devices. This trend is likely due to Window's historical and global popularity. More hackers are trying to "break" the operating system, which leads to a higher volume of threats.
Window's native malware defense is solid, but users must frequently update or customize the program to maximize safety. However, this problem is largely solved by installing a third-party security program, as many low-upkeep and free options exist.
PC users should beware of more traditional forms of malware like trojan downloads and social engineering tactics.
Are Macs Safe from Malware?
In the past, one of Apple's most significant selling points for its flagship laptops was safety. Many "Mac vs. PC" arguments boiled down to how unlikely it was to get a virus on a Mac.
However, in 2020, the number of threats targeting Macs grew at twice the rate of those targeting Windows. This trend begs the question: Were Macs only safer because fewer hackers targeted them?
Both systems are weak to different tactics. In macOS, it's more vulnerable to adware and malicious application downloads, which may stem from unfounded user confidence in out-of-the-box security systems.
Are Android Devices Safe from Malware?
Our phones are just smaller computers that can be jammed in our front pockets. They aren't immune to malware. Like all smartphones, Android has email and SMS capabilities which let hackers target them with malicious links and downloads. They can also install malware through unsafe browsing in the same way as computers and laptops.
Are iPhones and iPads Safe from Malware?
Everything we said about Android devices is true for Apple devices like iPhones and iPads. Users can always make a mistake and open a dangerous email or text message. However, the main difference that puts Apple in the lead is how frequently iOS updates.
Besides Apple's big yearly upgrade, iOS gets more minor changes every few months. This means weaknesses stick around for less time than on Android.
In the end, both operating systems are well protected as long as you practice safe habits. This includes:
- Only download apps from the Play Store or Apple Store. Even though these stores can't catch every malicious update, they do a decent job of vetting their catalogs.
- Stay on top of updates. It's easy to ignore the update prompt for long stretches of time. Especially if you're using your phone when it pops up. Remember that nearly every update includes an improvement or bug fix to a known security problem.
- Install a VPN. These programs encrypt your online activity and dramatically lower the risk of getting hacked. They also make public Wi-Fi safe if you're a heavy traveler.
What are Signs My Device is Infected with Malware?
Malware is hard to catch. In case your anti-virus has failed, here are a few signs that your system may be infected.
Many types of malware require significant resources to run. Some eat up your bandwidth while trying to send information back to the hacker. This slows down the overall performance of your device. So, if you notice sudden lagging or increased loading times, you'll want to search your phone immediately for unknown or hidden apps.
Along with running slower, malware can cause your device to overheat. This is much more likely in mobile devices since computers can handle a much larger task payload.
While you may have ten applications and 20 tabs running simultaneously, you should pay particular attention if your phone is hot while on standby.
Sudden Shutdowns and Restarts
Severe problems in your operating system may cause your device to shut down. This happens due to overheating, malfunctioning apps, or malware. Someone may have remotely accessed your device and is trying to use it at the same time as you.
Decreased Battery Life
It's become a running joke that Apple purposefully tanks battery life after a few years to sell newer models. When people's phones start to die faster, they chalk it up to wear, tear, and age.
However, it could be a sign of malware running in the background. It forces your device to run a program at all times, which leads to increased energy use.
How to Protect Yourself Against Malware
Install Another Anti-Malware Service
Both Windows and iOS come with native security programs. While this seems like a good thing, it also means that hackers anticipate these native programs on every device. So, hackers ensure their attacks are undetectable to them.
Downloading a different anti-malware service gives you better odds of catching dangerous programs. It's much easier to prevent malware than to remove it and undo the damage.
Backup Your System
If malware does get onto your device, it can corrupt your files. Family photos, work documents, or personal projects can get lost. It's a good practice to back up your system at least a few times a year. Backups can also protect your files from electrical surges, water damage, or other accidents.
You can create a backup by transferring everything to an external hard drive, backing up to OneDrive (Windows), or using the Time Machine mechanism on macOS.
NEVER Click On Unknown Links
Most malware isn't cleverly snuck onto your phone. It gets there because the user clicks on a suspicious link or visits an unknown site.
While some attacks are highly compelling, most can be caught by paying a little more attention. Carefully read URLs to ensure you're going to the expected site. Many scammers change one character in a well-known URL and hope their targets won't notice.
One seriously abused address shorthand is “bit.ly.” This is a URL shortener that hides the actual address under a randomly generated code. Some businesses use it for promotions in texts to avoid overly lengthy messages. However, they can also hide a direct link to a dangerous site that you would never click on if you could see its full name.
Besides URLs, avoid clicking on banner advertisements and pop-up windows unless you completely trust the site you're on.
Types of Malware Attacks
It is important to not only learn the different types of malware, but also the strategies that hackers use to get them on your devices. Some of the most common types of malware attacks are:
Malvertising (malicious advertising) is pretty much what it sounds like. Hackers embed malicious code in ads is called malvertising. Sometimes these criminals purchase legitimate ad space on Google Ads or social media sites to appear real. When an unsuspecting victim clicks on the ad to learn more about the product or service, their device may be infected with malicious software. Hence, you become a victim of malvertising. In some cases, the user doesn't even need to click on anything, they just need to be on the same page as the malware.
Malvertising should not be confused with adware which is less harmful and simply displays ads in your browser or on your PC.
Threat actors use exploit kits to search for vulnerabilities in your hardware or software. Basically, this type of malware attack takes an inventory of the device's hardware and software resources and reports back to the central command. If the malware finds a known exploit, it may install other malicious code to perform other nefarious tasks.
Man in the Middle Attack (MitM)
A man-in-the-middle attack occurs when a hacker exploits an unsecured Wi-Fi hotspot looking for victims who are connected to the network. If you visit your local coffee shop where they offer "free" Wi-Fi, then you use your cell phone to log onto your bank, pay a credit card bill, or update your Netflix queue, someone could steal your credentials and take over all those accounts through a man-in-the-middle attack.
Cybercriminals perform man-in-the-middle attacks using special hardware or software that puts them in between you and the website you are visiting. That is why it is called a man-in-the-middle attack. By intercepting all your activity, they can strip out pieces of personal, sensitive, but valuable information and use it for identity theft or fraud.
Man-in-the-Browser Attack (MitB)
Another type of malware that bad guys often use is man-in-the-browser attacks. If someone is able to install malware on your computer and then into your internet browser, it can record everything you do while using the browser. Sometimes these issues occur when you use an infected browser add-on.
Recently there were reports of a very popular add-on for Google Chrome called the "Great Suspender," which was riddled with malware attacks and had infected thousands of users' machines. Google removed it and wrote code to update and deactivate it from everyone's browser. Thus, if you do use Google add-ons, be aware of man-in-the-browser attacks
Drive By Downloads
Malicious websites or even legitimate websites infected with malware may also infect your device if you land on the URL either through a phishing email or other social engineering tactic.
The scary part about drive-by-downloads is that the user doesn't need to do anything; just visit an infected website. Some very reputable websites have been compromised by this type of infection, thereby spreading it to everyone who visits.
Social Engineering Attacks
Social engineering is becoming a very popular method of delivering malware attacks to unsuspecting victims. Social engineering attacks use emotion to get you to trust someone into giving them information or clicking a link. Sometimes these messages come through in email or text, and the perpetrator pretends to be your bank, your boss, or someone of authority who you might trust to get you to click. Once you do, your device is infected, and then the criminal can take over.
Sometimes social engineering attacks are ongoing and take a while as they earn your trust before asking for the big score, which is usually personal information or your login credentials. Most of the data breaches during 2020 worked due to social engineering attacks and an employee clicking a malicious link in an email.
Often these threat actors use scare tactics, so you will panic and do something without thinking. For example, they may send you a convincing-looking email alerting you that your bank account has been hacked. The email will contain a link with the word "fix now," and without thinking, you click it. You may be taken to a website that "looks" like your bank, but it is fake. If you enter your login, the crooks now have access to your bank account and can drain your funds before you know what has happened.
Sometimes, to make the ruse complete, they redirect you to the legitimate website, so you won't suspect a thing, and they get what they want. Hence, you should always be wary of social engineering attacks; you do not know when or how they could happen.
These days, it is super important to be aware of all these types of malware and to learn ways to protect yourself.