Cybercriminals know that even average users of the Internet and modern devices are becoming more and more aware of various cyberattacks and malware, like phishing attacks, ransomware, spyware, adware, viruses, worms, and more. The ingenuity of hackers and their drive for fraudulent activities for profit are reflected in their ever-changing attempts to operate as undetected as possible, flying lower and lower under the radar to get your information. If they are continually improving their attacks, shouldn’t we continually advance in protection and prevention as well?
For individual consumers who do not have the luxury of having their own IT and anti-malware team monitoring their online activities and device performance, security should be everybody’s business. If you are holding a smartphone in your hand, using a desktop or laptop, or have done any online activity in the last 24 hours, then this call to action is for you—be aware of newly emerging forms of malware out there and get yourself protected today!
Here are ways you might be getting a virus, malware, or your accounts in social media hacked and ways you can get yourself protected:
- Malware and Social Media Scams
Norton Security points out a form of malware called Grayware that may not be as physically damaging to your data as other malware, but it recurs annoyingly like adware and spyware. Grayware’s presence in social media sometimes comes as a clickbait that leads you to an external link. This link may take you to a variety of ways. One way is through a survey that you would need to fill up to access whatever hides behind it. The information you’ve typed in will be harvested and sold to other attackers who would use it to infiltrate personal accounts. The good thing is that your mobile devices do not get compromised just by logging into social media sites. There must be an interaction between the user and an embedded link for the infiltration to happen.
In addition to grayware running rampant on social media platforms, there are also high risks of encountering dangerous malware across social networks. The link once clicked, sent users to an affiliate program, which was how spammers made money. Again, this scam seemed reasonably harmless to the user’s computer. Grayware can be used to track your visits and be able to give you appropriate content relevant to what you have visited before.
However, there are other instances where what got downloaded can be a dangerous malware program. Hackers may use SVG image files to propagate either a worm or an external link. An SVG file is an XML-based vector image file that can accommodate animation. It is preferred to be used by hackers as they can provide dynamic content. A hacker can write malicious code right into the image itself. That code may contain a link to an external site, a video, a file to be downloaded, or a survey to unlock whatever you wanted to see at the other end. If you are suspicious of a file, better not open it or click on it.
In social media, there are a lot of duplicate and fake accounts that are entry points for phishing scams. From these accounts, hackers have impersonated US military personnel to befriend women and scam them. There was also an instance where a hacker tweeted, using the social media account of a media outfit, that the US President got injured in an explosion. Hackers have used email to make phishing attacks for years but have found more success using social media for these types of infiltration.
- Exploit Kits
Your social media account and much more can be compromised once your app or apps get infiltrated. Generally, exploit kits are what they sound like – a hacker’s toolkit that searches your computer or mobile devices for outdated software. These kits look for security holes in the outdated software to implant malware on the user’s machines.
The breach may happen by visiting websites that have malvertising on them. Malvertising may exist on any site, trusted or unknown, social media account or not, as it uses online ads by putting malicious code in official announcements. However, malvertising doesn’t always have exploit kits.
In 2014, the popular website, Askmen.com, got compromised and redirected some users to a site hosting an exploit kit. The site may not have updated their site as hackers may have been looking for a website with vulnerabilities and once they found vulnerabilities in Askmen.com, they injected malicious code in different areas of the site to redirect users to site where they could download Caphaw, a malware that targets financial details and also inserts itself into the victim’s network propagating the malware. Though the site Askmen.com has maintained that they have not found any intrusion in their systems, there has been evidence that developers have found injections into their script that points to malware intrusion.
These exploit kits have lost some popularity in recent years, but their invasion of Internet Explorer and flash-based apps and programs remain on a high level. They even revised their coding that would make the exploit kit session-based, making it hard to recreate the invasion in a controlled environment.
Obviously, to keep yourself protected from exploit kits, keep your mobile devices, OS, and apps updated. Regular updates ensure that patches cover any vulnerabilities in your device. Along this line, choose either an antivirus that meets your needs. What I mean is, if you are always online and have a great mobile data plan, choose an antivirus that uses cloud capabilities to keep your device updated. If you have enough storage, choose an antivirus that stores their database on your device and releases updates regularly.
- Mobile Ransomware
In a 2017 report, ransomware caused 1, 783 complaints, and damages amounting to $2,344,365. Ransomware is taking hostage the data within a computer by encrypting it. One way of getting that data back is by paying the ransom. Thus, the reason for the name. The victim will need a key to unlock the encryption. Ransomware targets files and programs that are essential for your operation. It encrypts these files and restricts access for the user.
Ransomware needs an entry point. Usually, the infection starts upon downloading an infected app or malicious app from an infected website whose link was posted through your social media account. But phishing remains as one of the main ways of entry and subsequent infection for ransomware.
As a way to keep yourself protected from mobile ransomware, keep regular backups of your data on your phone. Should you get infected, restore your phone to the latest backup. Regarding the ransom, the FBI suggests not paying the ransom and contacting the authorities for assistance.
- Malware Through Online Games
There have been entertaining online games found on social media. But it is way different from the way games look now. But beyond the look, online games have made much money. It made $138 Billion in 2018, $148 Billion in 2019, and is projected to earn $180 Billion by 2021. These numbers have made the online games market a target for attacks like malware and scams. And online gamers do keep an active social media account.
Some online gamers have some game accounts that they’ve already forgotten. Should those forgotten accounts be compromised, online players usually are not worried because they are thinking that they are not using it anymore. And they are also considering it is an old game. But the credentials they kept and the sensitive information that was stored there still exists. Hackers can sell the moment they get hold of such data. Although cheap, other cybercriminals would use that information to keep trying to hack into your other accounts. Hackers are hoping that gamers use the same password or a variation of it for all their other accounts. Hackers are a resilient bunch that they will keep trying until they crack it. Once they’ve gained access, hackers are not just after your credentials. They know that game accounts are connected to sensitive financial records. They can also try and encrypt your game progress and keep it for ransom.
Developers of online games would like players to earn their achievements, rewards, gears, and equipment by putting work and time into getting all of that from the exploration of the game. But for some, the lure of power-ups or cheats is irresistible, especially if the player is facing a difficult level and would like some help in getting over the hurdle. Unofficial power-ups and tricks are available for purchase. Sadly, the financial credentials are abused after the online purchase.
There have been cases where links were provided in the chat for a live stream of a game. There have been cases of links given in the comment sections of video sites where tutorials or cheats are shown. These links lead to an external site where online gamers or just fans would need to fill out a survey to be able to continue. The review will be to gather information from the user. The external site may also contain a file that you would need to download to gain the power-up or cheat, but the file may turn out it be a password stealer or any malware.
For this reason, online gamers must keep a reliable antivirus and internet security option on their mobile devices. Change your passwords and do not have the same password for your gaming account and social media account.
Malware from Browser Add-ons
Another way to access your social media accounts, other than the app, is through your web browser. A popular web browser such as Google does have add-ons that add features and functions to your web browser. But sometimes malware can sneak into a browser as an add-on. Most web browsers do not ask permission to access when installing a plug-in. Extensions are just allowed to be installed, which can be an entry point for malware to infiltrate your system. Even if you downloaded an extension or plug-in and the developer is trusted and sound, their account can be hijacked and be intercepted so that hackers can introduce a modified update of the add-on that contains malware and install it to your system. As an add-on, your browser allows it to update anonymously.
To keep yourself protected, install only a few essential add-ons for your browser. And download from the official store only as they have a team that works to ensure, as much as possible, that no malware is added to any app or add-on.
Conclusion: Let’s be aware
Social media platforms should be a place where we meet new people and interact with those we already know and love. Be aware of the tactics and strategies listed above and how hackers breach your data to keep yourself informed of the dangers. Your network can be the target of hackers. Keeping yourself protected is a duty we need to do to protect not just ourselves and our sensitive information, but also includes our network. Be aware that malware can propagate in an infected social media account, even if you only have less than a hundred friends. Malware does the propagation by sending a message to your friend with a link or a friend request. Because you trust your network, you would either click the link or add that friend request from a dummy account. Here is an interesting read about ways to keep your computer and online credentials safe and secure. Your social media account is connected to so many areas of your life, and you need to keep it safe by installing an antivirus and internet security option in your devices.