With every passing year, we entrust our digital devices to store more of our personal information, with the internet turning into the backbone of the modern world. This has brought immeasurable benefit to billions of people around the world, but it’s also opened a huge opportunity for those that want to hurt us. Crime is no longer bound by geography — someone you’ve never met, from a country you’ve never been to, may be targeting you.
Some threats we have become familiar with (phishing, viruses, and spam) are now staples of our online lives. However, each passing year brings with it a new set of technologies, with new exploits in tow. We’ve collected together some of the most important security threats of 2017, and what you can do about them.
What It Is: A worm used to download additional malware, harvest banking credentials, and receive commands from a remote command-and-control server.
— McAfee (@McAfee) July 27, 2017
What It Does: Pinkslipbot aims to collect and harvest all financial and banking credentials through a collection of tools like keyloggers, MITM browser attacks, and digital certificate theft. Although Pinkslipbot has been around since 2007, McAfee discovered a newly updated variant in 2017. The malware was first designed to harvest login credentials for online banking and other digital financial services. The new variant has been updated so that it now acts as a Trojan, a worm, and as part of a botnet. It is estimated that Pinkslipbot controls over 500,000 computers.
You Will Be Affected If: Malware can be downloaded from a number of different sources, but is often from malicious or compromised websites. Another major infection point is phishing emails and their dangerous attachments.
How to Check for It: As Pinkslipbot has been around in various forms for over a decade, most modern antivirus software should be able to immediately remove the threat. However, should you still need reassurance, McAfee has released a tool that will scan for any detect any instance of Pinkslipbot.
How to Clean It: Your antivirus should be able to remove the malware after it is detected. However, the updated 2017 variant also changes your port-forwarding options to keep your computer operational as part of its botnet. Your antivirus will likely not detect these changes and they can be hard to spot. The McAfee tool is also able to remove the malware, and if you follow the user manual, will be able to correct any port-forwarding issues Pinkslipbot created.
What It Is: A malicious ad library pre-installed in a number of Android apps.
— Trend Micro (@TrendMicro) June 16, 2017
What It Does: The Xavier ad library is part of a malvertising campaign aimed at infecting your device with malware and stealing data. The malicious ads are able to install APKs on your phone without notification on older Android devices. Xavier allows remote code execution, giving hackers full access to your phone. On top of this, it is also able to harvest your personal data, device make and model, SIM card identifiers, and a list of installed apps.
You Will Be Affected If: Trend Micro identified 75 apps that were serving Xavier malvertising to your Android phone. If you installed any of these apps then you are affected. However, the ad library was available to any Android developer and may have been served by more than just those identified by Trend Micro.
How to Check for It: Compare any apps you have installed against Trend Micro’s list. Even if you managed to avoid the listed apps, there is still a chance that you were affected. To be safe, keep an eye out for any signs your Android device has been infected with malware.
How to Clean It: Immediately uninstall any apps Trend Micro identified as serving Xavier malvertising. You can remove them from your Google Play app library too so you don’t accidentally reinstall them in the future. To minimize the risk of infection, make sure to check out an app’s reviews and install apps only from reputable developers.
3. OSX/Dok Malware
What It Is: macOS-specific malware that can intercept and read all HTTPS traffic.
— Check Point Software (@CheckPointSW) May 9, 2017
What It Does: By abusing a signed developer certificate, the malware is able to install without any issue. Once it has installed, it replaces your system’s AppStore Login with its own so that the malware runs every time your system reboots. It then alerts you that a security issue has been found, and asks for your admin password to update. After entering your password, the malware has administrator rights for your system. It uses this to route your internet traffic through a proxy server, and impersonate any website using fake security certificates.
You Will Be Affected If: The original infection comes from an email attachment named Dokument.zip. If you downloaded and tried to open it, the malware displays a fake “package is damaged” error message, while still copying itself into the /Users/Shared folder.
How to Check for It: The infection originates with the email attachment named Dokument.zip. If you attempted to open this file, and the above scenario sounds familiar, then you are likely infected. Apple has already revoked the original fake developer certificate. However, the malware creators have been able to find ways around this so that the threat still exists.
How to Clean It: In order to remove the infection you will need to start by quitting all open apps, especially Safari. Then you’ll need to remove the offending proxy server and LaunchAgents. Finally, removing the fake developer certificate will rid your Mac of the OSX/Dok malware. To protect yourself from infection, learn how to spot phishing emails and beware of suspicious email attachments — even if they are from contacts you trust!
What It Is: A strain of rapidly spreading ransomware that rose to prominence in 2017.
Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue ? pic.twitter.com/RsDnwZD5Oj
— Ukraine / ??????? (@Ukraine) June 27, 2017
What It Does: Ransomware is a particularly vicious form of malware. Once your computer is infected, the malware will encrypt all your files — on your hard drive and in the cloud. It will then demand a ransom to be paid before unlocking them. Even once payment is made, there is no guarantee that your files will actually be released. A similar ransomware known as WannaCry hit many government institutions and large businesses globally in mid-2017.
You Will Be Affected If: Ransomware can affect anyone if you are unlucky enough to become infected. NotPetya infects computers indiscriminately, paying no attention to your personal circumstances. However, as with all malware, there may be signs that your computer is infected.
How to Check for It: There is no need to check for NotPetya, or any other ransomware, they will let you know they are there. In most cases the attacker has no interest in your files — they are after the ransom money.
How to Clean It: If you become infected with NotPetya (or any other form of ransomware), do not pay the ransom. Instead, disconnect from the internet, revert to a previous System Restore point, and restore your files from a backup. In order to be protected from ransomware you need to take precautions ahead of time, like maintaining a regular backup. Making sure all your apps and software are fully up to date, and installing some form of antivirus software, will also play its part in protecting you.
What It Is: Ransomware for your Android phone.
— Avast Threat Labs (@AvastThreatLabs) July 14, 2017
What It Does: Most ransomware variants infect your device, encrypt your files, then demand a ransom to unlock them again. LeakerLocker instead targets your Android phone’s lock screen. It gathers up all data on your device and blackmails you into paying the ransom in order to unlock the device and prevent your data from being leaked.
You Will Be Affected If: McAfee discovered LeakerLocker lurking in two specific Android apps: Wallpapers Blur HD and Booster & Cleaner Pro. Cumulatively these apps had around 15,000 downloads when the malware was discovered. If you had installed either of these apps then you may have been affected. However, as previously noted, ransomware pretty quickly lets you know that it’s there.
How to Check for It: Although it was hidden inside those two specific apps, there may be other infection points that weren’t initially discovered. The malware runs on Android phones as Android/Ransom.LeakerLocker.A!Pkg. If you see this running on your device, then you have been infected by LeakerLocker.
How to Clean It: Do not pay the ransom! This is true of all ransomware, but particularly so with LeakerLocker. McAfee’s research and anecdotal evidence suggests that no user data has even been leaked by LeakerLocker. Instead, the malware may be relying on applying intense psychological pressure to make you pay. Google has already removed the offending apps from the Play Store so reinstallation isn’t possible. Installing security software on your phone is also a good idea, and can help detect threats like LeakerLocker before they take hold.
Malware Is All Around
Ransomware has extended its reach in 2017, with more criminals attempting to con you out of money. Greater access to ransomware tools has made it easier for traditional criminals to enter the digital age. Fortunately, there are ways to protect yourself.
Following proper cyber hygiene, and performing regular security checks can be beneficial. Malware and ransomware may be the security threats of 2017, but the humble virus still lurks online too. Being aware of, and protecting yourself from, threats is much less stressful than having to enter damage control mode when the worst does happens.
Have you experienced any of these new security threats? How did you overcome them? Are there any you think we missed? Let us know in the comments!
Image Credit: kentoh/Depositphotos