Malware | A prominent Cyber threat

Malware | Malicious Software

Malware is defined as:
The computer software that is designed to damage the way a computer works.
-Cambridge Dictionary
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.
-Wikipedia


This guide covers the basics of malware rather than going into detail. More detailed guides concentrating on individual classes of malware will be presented as separate posts.

Malicious software is created by cybercriminals in order to make money. It usually gets onto our computers without our consent. Cybercriminals can steal valuable information to scam victims, and they can also sell the stolen data to unethical businesses. Malware can also be used to show ads on infected computers to earn revenue.

Purpose of malware creation:
  • To damage a victim's PC.
  • To steal data from a victim's PC.
  • To manipulate the device.
  • To scam people.
  • To carry out more infection.

Malware plays an important role when it comes to cybersecurity. Almost 18.69% of people are not aware, or are only partially aware, of the cyber threats that come with malware. Nearly 23.38% of people worldwide have a general idea of the cyber threats caused by malware, and the remaining 57.77% of people show high concern regarding cyber threats.

Types of Malware

There are several types of malware, classified by their application, usage, and the threat connected to them. Here are the broad categories of malware.
Types of malware. This includes Virus, Trojans, Spyware, Worms, Ransomware, Adware, Botnet, and Rootkit.
     
Learn more about Adware: Adware | Prevention, Detection, and Removal.
Learn more about Spyware: Spyware | Prevention, Detection, and Removal.


Types of malware guide. This includes basic information regarding Virus, Trojans, Spyware, Worms, Ransomware, Adware, Botnet, and Rootkit.
Learn more about the symptoms of a malware infection:
Malware Infection Symptoms/Indications.

Spyware | Prevention, Detection, and Removal.

Spyware is a subcategory of malware that is nothing but spying software. Spyware is almost certain to be a part of any major malware infection. Spyware often leaves your computer with a vulnerability which can be further exploited by its owners. Malware is the 2nd biggest threat on the internet, and spyware is one of its subcategories.

What is Spyware?

As described above, spyware is malicious software designed to gain access to a PC in order to obtain valuable information and to create a gateway for other types of malware to infect the PC. Spyware is designed to be difficult to identify and trace. Its resource consumption is also low in the initial stages, which makes it even harder to identify.

Types of Spyware:

  • Adware
  • Trojan
  • Tracking Cookies
  • System Monitors
  • Keyloggers
  • Mobile Spyware

Learn more about Adware here, where an in-depth guide is available on adware which covers Identification, Recovery, and Precautions.


Spyware is often found bundled with freeware on file-sharing sites. It can also arrive in email attachments from unknown senders.

Purpose of Spyware.

The main purpose of spyware is to steal private information, including passwords, banking details, credit and debit card details, etc. Spyware also studies the user's behavior while browsing and their browsing history.
Spyware owners can use the acquired data to scam people or misuse it, and they can even sell browsing-pattern data to unethical businesses. They can also make revenue by showing ads on the user's computer through adware.

Identification for Spyware.


  • New or unknown icons may appear in the taskbar (the bar where the start menu is located).
  • Weird search redirects.
  • Performance degradation to some extent.
  • Running out of space.
  • The easiest and most effective way is to get a free spyware scanner (anti-spyware software) from a legitimate source.

How to remove Spyware?

Spyware is very good at disguising itself, so it is hard to spot a program that is spyware.
But let's say you managed to spot a program that you suspect is spyware. In that case, follow these steps to uninstall it.

Before uninstalling, terminate the suspected software, which makes things easier. To do so, click the Start menu, type MSCONFIG, then go to services or programs and disable the suspected software.
Now stop the process: open Task Manager (CTRL+ALT+DEL > choose Task Manager), then locate and end the process.
Try uninstalling the software from the Control Panel.
You can also try booting into safe mode by pressing F8 while booting and choosing safe mode. This is effective because safe mode allows only basic Windows programs to run. Get a good anti-malware tool while in safe mode and scan the computer to get rid of the spyware.
You should also clear out the junk left over by those programs by deleting the temp folder. To access the temp folder, click Start, type %temp%, and hit Enter.

Preventive measures.

  • Avoid opening emails from unknown sources.
  • Avoid clicking on pop-ups, ads, or unknown messages. You can also use ad-blocking services.
  • Try to avoid downloading things through third-party websites.
  • Hover your mouse over the download button on a website to check that you are being sent to the right webpage.
  • It is recommended to have a security solution with real-time protection and features like malicious-website protection, which makes sure you don't end up somewhere full of malware where you are vulnerable to catching some.
  • Inspect the link before downloading via VirusTotal or another trusted source.

Learn more about spyware.

Agent Smith Malware | A Smartphone Smasher

Agent Smith is a newly developed malware that has quietly infected about 25 million devices, with India being a primary target along with other Asian countries. Agent Smith keeps the user unaware while it spreads; more than 2.8 billion infections are reported in total. Let us dive deeper into this scenario.



What exactly is Agent Smith?
Agent Smith is malware that takes advantage of various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions of the same apps, recoded to show many more ads. The whole process takes place without any user interaction, which is the main reason this malware has spread so widely. The replaced app doesn’t steal information. Instead, the replaced apps display a huge number of advertisements or steal credit from the device to pay for adverts already served.
Agent Smith is used for financial gain through malicious advertisements.

What it does and how?

Agent Smith is an application that can hide its icon from the launcher and mimic any popular existing app on a device. It can even go as far as claiming to be a Google-related updater or a related product. Once it is hidden and cannot easily be found, it proceeds to infect apps and replace them with malicious versions that force the user to watch endless advertisements.
An “Agent Smith” infection has three main phases:
  • A dummy app lures the victim into installing it voluntarily. Dummy app variants are usually barely functioning photo utilities, games, or NSFW apps. A dummy app is an application that the malware is bundled with.
  • The dummy app automatically installs its core malware APK, which later carries out malicious patching and app updates. The core malware is usually disguised as Google Updater.
  • The core malware extracts data about the device's apps. If it finds apps on its prey list (the list of apps that the malware is able to replace), it extracts the base APK of the innocent target app on the device, patches the APK with malicious ad modules, installs the APK back, and replaces the original one as if it were an update.
Agent Smith dummy apps spread through third-party app stores such as 9Apps.

Preventive measures

  • Avoid downloading and installing applications from third-party app stores and sites that provide cracked applications.
  • Always check the permissions that an installed application demands. You should have a rough idea of what type of application can reasonably demand what type of permissions. (For example, an ebook reader application should not demand access to contacts or the camera. If it does, delete that application immediately.)
  • Avoid installing applications that are recommended by other money/point-earning applications.
  • You may also consider keeping a good anti-malware application that provides real-time protection, although these also consume a lot of resources.
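
The permission check described above can be done systematically. The following is an added example, not part of the original post: a Python script that parses the text printed by `aapt dump permissions` for an APK and lists the permissions that fall outside what an app of a given category should need. The category expectations, the capability grouping and the sample package `com.example.ebookreader` are assumptions made for this example.

```python
import re

# Capability groups for a few real Android permissions. The grouping is this
# example's own; extend it for the permissions you care about.
CAPABILITY = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
    "android.permission.INTERNET": "network",
    # Lets an app ask to install other APKs, which is what a dropper needs.
    "android.permission.REQUEST_INSTALL_PACKAGES": "install-apps",
}

# Assumed expectations per app category (hypothetical, tune to your own view).
EXPECTED = {
    "ebook-reader": {"storage", "network"},
    "photo-utility": {"camera", "storage", "network"},
    "game": {"network", "storage"},
}

# aapt prints either  uses-permission: name='X'  or  uses-permission: X
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)")
PKG_RE = re.compile(r"^package:\s*(?:name=')?([A-Za-z0-9_.]+)")


def parse_aapt_permissions(dump):
    """Return (package_name, sorted list of requested permissions)."""
    package, perms = None, set()
    for line in dump.splitlines():
        line = line.strip()
        m = PKG_RE.match(line)
        if m:
            package = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return package, sorted(perms)


def unexpected_permissions(dump, category):
    """Permissions whose capability is outside what the category should need."""
    allowed = EXPECTED[category]
    _, perms = parse_aapt_permissions(dump)
    findings = []
    for perm in perms:
        # Permissions not in the table are reported for manual review.
        capability = CAPABILITY.get(perm, "unclassified")
        if capability not in allowed:
            findings.append((perm, capability))
    return findings


# Constructed `aapt dump permissions` output for a made-up ebook reader.
SAMPLE_DUMP = """\
package: com.example.ebookreader
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.CAMERA
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
"""

if __name__ == "__main__":
    for perm, capability in unexpected_permissions(SAMPLE_DUMP, "ebook-reader"):
        print(f"unexpected for an ebook reader: {perm} ({capability})")
```
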
Here are some apps removed by Google from the Play Store:
  • Ludo Master - New Ludo Game 2019 For Free
  • Sky Warriors: General Attack
  • Color Phone Flash - Call Screen Theme
  • Bio Blast - Infinity Battle Shoot virus
  • Shooting Jet
  • Photo Projector
  • Gun Hero - Gunman Game for Free
  • Cooking Witch
  • Blockman Go: Free Realms & Mini Games
  • Crazy Juicer - Hot Knife Hit Game & Juice Blast
  • Clash of Virus
  • Angry Virus
  • Rabbit Temple
  • Star Range
  • Kiss Game: Touch Her Heart
  • Girl Cloth Xray Scan Simulator

Know if your device is infected
Agent Smith is fairly easy to spot. If your regularly used apps suddenly start showing an overwhelming number of advertisements, it is a sure sign something is wrong. The ads that the malware serves are difficult or impossible to exit, which is another indicator.

How to remove Agent Smith?

In most cases, you need to factory reset your smartphone to get rid of this malware.
You can also try to uninstall the dummy app if you can trace it, or you can uninstall all the apps. If you are lucky and the infection has not spread too far, you can get rid of it by uninstalling all the apps.
You can also try installing an anti-malware application, which can be helpful to some extent. Here are some which can help you




Adware | Prevention, Detection, and Removal.

It’s a human tendency to want to know what others are doing or what they are up to, and depending on the scenario, it can be classified as harmless intent, standard business practice, harsh necessity, or an invasion of privacy. Adware can be the least offensive subset of malware, though it is still quite intrusive, annoying, and sometimes disruptive, as it leads other malware to invade the computer.

What is Adware?

Adware is a type of malicious program (or a kind of malware) that quietly collects information about you, such as the sites you visit, input keywords, browsing history, browser add-ons, and search results, while at the same time feeding you ads, and it does all of this without asking for your consent. This stolen information is then used to show advertisements that are more refined based on the user. If a program asks for your consent before displaying ads, it cannot be considered adware.
As per Wikipedia
"Adware is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process." 


What does Adware do?

Adware can be much more complex than we think. Adware can cause the following:
  • Endless pop-ups.
  • Data breach (passwords and bank details).
  • Spying.
  • Man-in-the-middle attacks.
  • Deteriorating the PC’s performance.
  • Consuming disk space.

Where do they come from?

As far as the spread of adware is concerned, we can place its sources in two broad segments: the first is cybercriminals who crave money, and the other is companies that use unethical business practices.

Why do they do what they do?

Ads are among the easiest ways to make money online, so cybercriminals use this tool to earn money. Another motive can be to extract valuable information from a user’s browsing data, which can include bank details, passwords, etc. Adware can also be used to study online browsing patterns and gather data unethically.

How to identify an adware infection?

You may have an adware infection if you are experiencing any of these:

  • Ads within the software.
  • Pop-up ads on the desktop.
  • Unintended browser windows showing up.
  • New toolbar.
  • New browser homepage and bookmarks.
  • Change in search engine.
  • Performance issues.
  • Unusual redirects.

You can also check if your PC is infected with malware. 

How to remove adware?

Adware can be bundled with freeware on the internet. Most such installers do ask, during the installation phase, whether you want to install a browser toolbar or some other program. This adware can be removed by removing the bundled software. To do so, go to Control Panel > Uninstall a program > select the program you wish to uninstall.
Adware can also come through browser add-ons or extensions. You can get rid of it by simply removing the suspicious add-on or extension, which you can usually find under the browser settings.
Adware can also change the browser policies, which in turn redirects internet traffic through ad servers. You can remove those policies using the Registry Editor.
To open the Registry Editor, go to Start > type Regedit.
Now delete these two keys:
HKEY_CURRENT_USER\Software\Policies\Google
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google
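
Before deleting the two keys above, it helps to see which policies they actually contain. The following is an added example, not part of the original post: a Python script that parses a registry export of those keys and lists the Chrome policies that control the homepage, startup pages, search engine, forced extensions and proxy. The sample export and its `.invalid` URLs are constructed, and the selection of policy names to flag is this example's assumption.

```python
import re

# The two keys named on this page; everything below them is browser policy.
POLICY_ROOTS = (
    r"HKEY_CURRENT_USER\Software\Policies\Google",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google",
)

# Chrome policy names that steer the browser (selection is this example's).
REDIRECTING = {
    "HomepageLocation": "homepage",
    "RestoreOnStartup": "startup behaviour",
    "RestoreOnStartupURLs": "startup pages",
    "DefaultSearchProviderSearchURL": "search engine",
    "ExtensionInstallForcelist": "forced extension",
    "ProxyServer": "proxy",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _decode(raw):
    """Convert the right-hand side of a .reg value line."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex(...) and other types are kept as text


def parse_reg_export(text):
    """Return {key_path: {value_name: value}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        val = VALUE_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            current[val.group(1)] = _decode(val.group(2))
    return keys


def review_policies(text):
    """List (key, policy, value, what it changes) under the policy roots."""
    findings = []
    for key, values in parse_reg_export(text).items():
        probe = key.lower() + "\\"
        if not any(probe.startswith(r.lower() + "\\") for r in POLICY_ROOTS):
            continue
        leaf = key.rsplit("\\", 1)[-1]
        for name, value in values.items():
            # List policies are a subkey holding values named "1", "2", ...
            policy = leaf if name.isdigit() else name
            if policy in REDIRECTING:
                findings.append((key, policy, value, REDIRECTING[policy]))
    return findings


# Constructed export (regedit writes real ones as UTF-16 text).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"HomepageLocation"="http://search.example.invalid/"
"RestoreOnStartup"=dword:00000004
"MetricsReportingEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs]
"1"="http://ads.example.invalid/start"

[HKEY_CURRENT_USER\Software\Microsoft\Edge]
"HomepageLocation"="http://ignored.example.invalid/"
'''
```

To use it on a real machine, export each key with `reg export`, read the file with `encoding="utf-16"`, and pass the text to `review_policies` before deleting anything.
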
You can also check the browser's startup pages if multiple windows or tabs full of ads open up. You can also go through the browser's search engine settings.
If this doesn't help, your PC might be infected by more advanced adware created by a cybercriminal/hacker. In this case, manual operations don't work efficiently; my suggestion would be to go for a free adware removal tool. Here are some if you want to get rid of those annoying adware

How to prevent an adware infection?

  • Avoid suspicious websites.
  • Don’t believe any ads and pop-ups that claim to have found a malware infection on your PC.
  • Scan suspicious links or files with VirusTotal.
  • Think twice before immediately downloading and installing any new software, especially freeware.
  • Download quality cybersecurity software for your PC.
  • Don’t click any links or download attachments from suspicious emails.
  • Don’t click on any online ads you might see.

I hope I have satisfied your curiosity about this topic. If you are facing any issues regarding the same, feel free to comment below and I will try my best to respond as soon as possible.



11+ Malware Infection Symptoms/Indications [2019].

I can make mayhem of your computer
-Malware
I acknowledge your curiosity about how your PC can respond during a malware attack. The possibility of loopholes and vulnerabilities increases with advancement in any field, and this also holds for computers. No security is perfect enough to guarantee defense against every possible piece of malware. Having an antivirus does make things simpler and allows us to focus on concerns other than security. It is better to have something than nothing, but when it comes to the security of the computer, one should have at least a basic idea of how malware works. A computer under malware attack can continuously give out indications of the situation; it depends on the user how quickly they can identify what's wrong and respond to it. A delayed response can result in deteriorating performance and even data loss in some cases. As far as the indications are concerned, this thread can help you understand them in detail, with few prerequisites and in a very basic manner. Here are the indicators one should look for.

 Malware Infection Symptoms/Indications

1. Your PC's performance is declining.
Your PC takes more time to launch applications, or they run slower than usual. It can be very frustrating to work in an environment where the PC's response time is so long; you can compare it to playing a first-person shooter game at a very low fps. One of the main effects of malware is to slow down your operating system, as it may be using those resources for its own purposes. The slowdown can be experienced while browsing, playing, or performing any regular task. You need to have a rough idea of how your PC normally performs under a given application in the first place, in order to tell whether the flaw is due to malware or whether other factors are slowing down the computer. These factors include:
  • Low Random Access Memory.
This can happen when you open many applications and there is no room for everything.
You can check which application is consuming how much memory via Task Manager.
To open Task Manager, right-click on the taskbar and choose Task Manager, or press ALT+CTRL+DEL at the same time and then choose Task Manager.
  • Less storage space on the hard disk.
In this case, you might need a good cleanup to get the system back on track.
  • Browsers absorbing the resources.
Browsers tend to absorb a lot of resources due to excessive add-ons or extensions.
  • System fragmentation.
Over time, files on a hard drive become fragmented. In simple terms, this means that parts of these files get stored in different areas of the drive and not next to each other. Thus, the storage space is used inefficiently, which reduces your PC’s performance and makes it harder for your operating system to open a file. This can be resolved with the Windows disk defragmenter.
  • Outdated OS and drivers.
Try using the latest version of Windows, as updates constantly cover vulnerabilities and resolve bugs which can cause potential slowdown.
If you are still facing a slowdown after resolving the above factors, your PC might be infected with malware.
2. Ads, Strange Pop-ups, Unusual messages. 
A message pops up informing you that one of your applications is attempting to access the Internet without your command. Or you see an unusual error message saying you have a corrupt file on your computer. These can be signs of malware infection.
This form of malware is known as spyware and is designed to accumulate and steal the user's sensitive data without their knowledge; it might even send your information to the malware owners.
These pop-ups usually come bundled with other hidden malware threats and can be far more destructive for your OS. This malware can disguise itself as a legitimate program, track data transfers, and collect passwords.
DO NOT CLICK those pop-ups! 
Learn more about Adware (A subcategory of malware) here.
3. PC crashes and BSOD.
If you get the well-known BSOD (Blue Screen of Death), and the PC then recovers and tells you that Windows was recovering from an unexpected shutdown, there might be the following reasons for its occurrence.
  • Due to Windows system files corruption.
  • Corrupted Windows registry.
  • Damaged RAM or faulty system drivers.
  • Hard disk drive corruption.
  • Driver conflict between newly installed hardware.
  • Virus or malware.
4. Substantial increase in internet traffic.
You get lower internet browsing and download speeds than usual. This can happen due to technical issues with your ISP, issues with your router, or a malware infection. The most common category of malware that absorbs a lot of internet traffic is adware, which can switch your internet traffic to go through ad servers; through these, the PC can become further infected by downloads that the adware carries out via the ad servers.
Learn more about Adware (A subcategory of malware) here.
5. Different homepage and new toolbars.
Your homepage has been changed without your knowledge, or you’ve been redirected to a web address different from the one you initially accessed, or a new toolbar pops up out of nowhere and lands at the top of your browser window. You can't get rid of the toolbar however hard you try. These incidents are clear signs of a malware infection. You must have accidentally clicked a link or a pop-up window, which then downloaded unwanted software and installed it on your computer.
6. Weird computer behavior.
Any Windows activity that departs from the normal, regular pattern of your work can be considered weird behavior.
This includes:
  • Automatic closure of some applications.
  • Applications flashing on and off in no time.
  • A black, Command Prompt-like window popping up and closing.
  • An unknown application getting installed and running in real time.
  • Unintended shutdowns.
  • Windows tells you that you’ve lost access to some of your drives.
  • The CD-ROM tray opens and closes.
7. Antivirus or firewall turned off.
If you notice that your antivirus program doesn’t seem to work anymore, that its update module is disabled, or that firewall settings have changed without your intent, then you should be concerned about your PC's condition.
As cybersecurity advances, malware is upgrading too. Some malware can bypass the antivirus or firewall, whereas some can freeze them or turn them off to make its purpose much simpler to achieve.
If you have already tried rebooting your computer and closing and reopening the antivirus, and all your troubleshooting efforts seemed useless, you should consider the malware infection scenario.
8. Strange messages / E-mails with your ID.
If your friends recently got several strange messages/emails or suspicious links from you, and you didn’t send them, you've likely been infected with malware. Maybe your accounts have been hijacked without you noticing it. This might happen when the infection has gone too far or your account has been hacked.
9. Unknown icons on your desktop.
If you’ve been noticing unknown, new icons on your PC, you most likely downloaded by accident the sneaky programs called PUPs (Potentially Unwanted Programs). They are malicious programs that can do a lot of damage and expose you to data leakage, display annoying ads or pop-ups on the screen, or add toolbars to your browser. They often come together with suspicious software you’ve ended up installing from third-party websites or torrents. These programs can also be bundled with legitimate programs and hosted on third-party sites. You may have accidentally given your consent to install additional tools that you didn’t notice were there.
10. Unresponsive control panel.
If you are facing this issue and your Control Panel does not open, it means that your computer has a technical problem and is not functioning correctly, or that the malware infesting your PC is not letting you open it. Much malware has the ability to monitor processes and to respond in the areas where it is likely to be revealed. For example, it can freeze the firewall and the antivirus, freeze the task manager, cause installation failures, etc.
11. Perfect after an unusual behavior/performance drop.
What I mean by 'Perfect after an unusual behavior/performance drop' is a case where there is suspicious activity or unknown behavior and, after it happens, your PC seems to have recovered. Should you be concerned about your PC's security?
The answer should be YES, as you need to find the flaw which resulted in that unusual behavior in the first place. It can be malware, or it may be a technical flaw or a bug within your system.
When it comes to malware, crypto miners can cause the above situation. In this modern age, malware creators can create crypto miners which mine cryptocurrency using a host PC. These miners can absorb a large share of resources to mine the cryptocurrency. They usually work when the PC is under a normal load, so that the PC user cannot be sure of the presence of the miner, but when a resource-heavy application or game runs on the PC, the miner shuts itself down so that it is not caught.
12. Miscellaneous reasons.
  • Application launch issues.
  • Extended amount of boot time.
  • WebCam malfunctions.
  • Files are unable to be renamed. 
  • Different IPs listed in the hosts file.
  • Changes in browser policies (in case of adware).
  • Frequent heating issues under normal usage.
