Feb 14, 2023 By Priyanka Tomar

What is malware | Malware basic components | What is Fileless Malware | How does malware get into a device

Malware is short for malicious software: a program or code intentionally written to harm, destroy, exfiltrate data from, or exploit computer systems, devices, or networks. Examples of malware are viruses, worms, Trojans, spyware, and ransomware.

Malware can infect a device in the following ways:

  • Using instant messaging apps such as WhatsApp, FB Messenger, WeChat, Telegram, Skype, etc., and Internet Relay Chat (IRC), which is mostly used during online gaming or while transferring files online. IRC is a network of Internet servers that use a specific protocol through which individuals can hold real-time online conversations via computers and other devices. Many botnets use IRC to communicate with bot-infected machines. Examples of IRC clients are mIRC, XChat, and irssi.
  • Using removable devices and USB devices – Many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be installed automatically when you connect the infected drive to your device. This technique typically involves copying files to, or modifying existing files on, the removable media. Wherever you then use this infected USB device, those devices also get infected, and the infection can spread across the entire computer network.
  • Links and attachments in email – There are two ways malware can get past your email protection. First, it can disguise itself as a website link; when you click a malicious link, you can end up opening an infected website that installs a virus on your device. Most viruses, Trojan horses, and worms are activated when you open an infected attachment or click a malicious link contained in an email message. If your email client allows scripting, it is possible to get a virus simply by opening an email message. Second, you may open an infected attachment, which can be in any format such as PDF, Word, PowerPoint, etc.
  • Via freeware software – Some freeware is free of malicious code and useful, but there are instances where freeware is malware. Many freeware programs come with additional software bundled with them. In some cases, this added malicious software (such as spyware, adware, or browser hijackers) is disguised as legitimate software and spreads through downloads.

Malware can also spread through the browser:

  • Malicious websites or advertisements – These can automatically download malware onto a user's device when they visit the website or click on the advertisement.
  • Phishing scams – Attackers may use fake websites to trick users into entering their personal information, which can then be used for identity theft or other malicious purposes.
  • Exploiting vulnerabilities – Outdated software or plugins can contain vulnerabilities that attackers exploit to install malware on a user's computer.
  • Malicious ads or banners – Some malicious ads or banners can infect a user's computer with malware if the user clicks on them.
  • Malicious browser extensions – Unscrupulous browser extensions can contain malware that infects a user's device.
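The email and phishing bullets above both describe links whose visible text claims one site while the link actually leads somewhere else. The following is an added example, not code from the original post, showing how a mail gateway or a curious user could detect that mismatch: it parses the anchors of an HTML message body and reports every link whose visible text looks like a URL but names a different host than its href. The message body, the bank name and the `.invalid` attacker domain are constructed for illustration.

```python
"""Flag HTML anchors whose visible text claims one site but whose href points
to another, a common way to disguise a malicious link in an email.
Added example; the sample message below is constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an HTML email body. The second link shows one host in
# its visible text and another in its href; the other two are consistent.
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<p>Review your statement at
<a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a>.</p>
<p>Update your details here:
<a href="http://login.example-bank.com.attacker-placeholder.invalid/verify">https://www.example-bank.com/verify</a></p>
<p><a href="https://www.example-bank.com/help">Help centre</a></p>
"""


def _host(url):
    """Return the lowercase hostname of a URL (scheme added if missing), or ''."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


class _LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently being read, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    """Return a list of (visible_text, href) tuples found in the HTML."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def find_disguised_links(html):
    """Return the (visible_text, href) pairs where the visible text looks like a
    URL or domain but names a different host than the href actually targets."""
    suspicious = []
    for text, href in extract_links(html):
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        if looks_like_url and _host(text) != _host(href):
            suspicious.append((text, href))
    return suspicious


if __name__ == "__main__":
    for text, href in find_disguised_links(SAMPLE_EMAIL_HTML):
        print(f"display text says {_host(text)!r} but link goes to {_host(href)!r}")
```

The check deliberately ignores anchors whose visible text is ordinary words ("Help centre"), because a mismatch there is normal; it is the text that impersonates a URL that is the tell.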

Basic Components of malware –

Cryptor – Software that disguises malware as a legitimate product through encryption or obfuscation, making it harder for security programs to detect. Cybercriminals use it to create malware that can bypass security programs by presenting itself as a harmless program until it is installed. It encrypts the original binary code of the executable file.

Downloader – A type of Trojan that downloads malware from the internet onto the device to carry on the exploitation process. Usually, attackers install downloader software when they first gain access to a system.

Dropper – A type of Trojan that covertly installs other malware files onto the system, either from the malware package itself or from the internet. Attackers embed malware files inside droppers, which perform the installation covertly.

Exploit – Malicious code that breaches device security via a software bug, flaw or vulnerability to access information or install malware.

Injector – A program that injects its code into other vulnerable running processes and changes their execution flow to hide itself or prevent its removal.

Obfuscator – A program that conceals its code and intended purpose via various techniques, making it hard for security mechanisms to detect or remove it.

Packer – Software that bundles all files together into a single executable and compresses them to bypass security software detection.

Payload – The component that allows an attacker to control a computer system or execute an attack once the system has been exploited.

Malicious code – The commands that define the malware's basic functionality, such as stealing data and creating a backdoor.
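Cryptors and packers both leave a measurable trace that defenders use to spot them: compressed or encrypted bytes look almost random, so their Shannon entropy sits close to the maximum of 8 bits per byte, while ordinary code and data sit well below that. The block below is an added example, not code from the original post, that computes per-section entropy and applies the usual 7-bit rule of thumb. The "sections" are constructed byte strings standing in for the sections of an executable; a real tool would read them from the PE headers.

```python
"""Heuristic check for packed or encrypted executables: compressed or encrypted
sections have near-random byte distributions, so their Shannon entropy sits
close to 8 bits per byte, while ordinary code and data sit well below that.
Added example; the 'sections' below are constructed, not read from a real binary."""
import math
import random
from collections import Counter

PACKED_THRESHOLD = 7.0  # bits/byte; common rule of thumb for compressed/encrypted data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections):
    """Return {name: (entropy, flag)}; flag is True when the section's entropy
    exceeds PACKED_THRESHOLD, i.e. when it looks compressed or encrypted."""
    report = {}
    for name, data in sections.items():
        ent = shannon_entropy(data)
        report[name] = (round(ent, 2), ent > PACKED_THRESHOLD)
    return report


def looks_packed(sections, min_flagged_fraction=0.5):
    """True when at least min_flagged_fraction of all section bytes lie in
    high-entropy sections: a small loader stub plus a large opaque blob is the
    typical shape of a packed or cryptor-wrapped executable."""
    total = sum(len(d) for d in sections.values())
    if total == 0:
        return False
    flagged = sum(len(d) for d in sections.values()
                  if shannon_entropy(d) > PACKED_THRESHOLD)
    return flagged / total >= min_flagged_fraction


# Constructed samples. The random bytes stand in for a compressed/encrypted
# payload; the repeated assembly-like text stands in for ordinary code.
_rng = random.Random(2023)  # fixed seed so the results are reproducible
_CODE_LIKE = b"push ebp; mov ebp, esp; call helper; ret\n" * 100
SAMPLE_PACKED = {
    ".text":   _CODE_LIKE,                                  # small loader stub
    ".bss":    bytes(4096),                                 # zero-filled
    ".packed": bytes(_rng.getrandbits(8) for _ in range(16384)),
}
SAMPLE_CLEAN = {
    ".text": _CODE_LIKE,
    ".data": b"Hello, this is ordinary string data in the binary.\n" * 50,
}

if __name__ == "__main__":
    for label, sections in (("packed sample", SAMPLE_PACKED), ("clean sample", SAMPLE_CLEAN)):
        print(label)
        for name, (ent, flag) in classify_sections(sections).items():
            print(f"  {name:8s} entropy={ent:5.2f} {'HIGH' if flag else 'ok'}")
        print("  looks packed:", looks_packed(sections))
```

Entropy alone is a heuristic: legitimately compressed resources (images, installers) also score high, so this check is best used to prioritise samples for closer analysis rather than as a verdict on its own.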

What is Fileless Malware

Modern malware has advanced, and one such advanced form is called fileless malware. It runs only in memory and does not write any file to disk directly. Instead, it consists of scripts; when the computer boots or a specific process starts, it may modify that process, or it may modify existing Windows registry values or write new ones. It uses approved Windows tools for installation and execution, thus circumventing security programs and application whitelisting.
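Because fileless malware persists through registry values that start an approved Windows tool rather than through a new executable on disk, one practical defensive check is to review the autorun entries (the values under the Run keys) for script hosts launched with options typical of hidden, in-memory execution. The block below is an added example, not code from the original post: it scores constructed autorun entries against those indicators. The entries, the vendor paths and the `PLACEHOLDER_ENCODED_PAYLOAD` token are all made up for illustration; on a real system the (name, command) pairs would be read from the registry with `winreg` or exported with `reg query`.

```python
"""Review Windows autorun entries (the Run registry values that fileless malware
commonly writes) and flag those that launch a built-in script host with options
typical of hidden or in-memory execution.
Added example: the entries below are constructed and the payload token is a
placeholder, not real encoded content."""
import ntpath
import re

# Built-in Windows programs that can run script or code supplied on the command
# line or from the registry instead of from a conventional executable file.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "cmd.exe", "regsvr32.exe", "rundll32.exe",
}

# Command-line patterns that suggest hidden, inline, or decoded-at-runtime
# execution rather than openly running a script file. Matched case-insensitively.
INLINE_EXECUTION_MARKERS = [
    ("encoded command",      re.compile(r"(?<![\w-])-e(?:ncodedcommand|nc)?\b")),
    ("hidden window",        re.compile(r"-w(?:indowstyle)?\s+hidden")),
    ("profile bypass",       re.compile(r"-nop(?:rofile)?\b")),
    ("in-memory evaluation", re.compile(r"\biex\b|invoke-expression|downloadstring|frombase64string")),
    ("inline script",        re.compile(r"\b(?:javascript|vbscript):")),
]

_FIRST_TOKEN = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def launched_program(command):
    """Lowercase basename of the program an autorun command line starts."""
    m = _FIRST_TOKEN.match(command)
    if not m:
        return ""
    return ntpath.basename(m.group(1) or m.group(2)).lower()


def assess_autorun(command):
    """Return human-readable reasons this entry deserves review. The first reason
    is always the script host itself; an empty list means a normal executable."""
    program = launched_program(command)
    if program not in SCRIPT_HOSTS:
        return []
    reasons = [f"starts script host {program}"]
    lowered = command.lower()
    for label, pattern in INLINE_EXECUTION_MARKERS:
        if pattern.search(lowered):
            reasons.append(label)
    if program in {"wscript.exe", "cscript.exe"} and "\\users\\public\\" in lowered:
        reasons.append("script stored in a world-writable folder")
    return reasons


def review_autoruns(entries):
    """Map entry name -> reasons for every (name, command) pair that shows at
    least one indicator beyond merely using a script host; host-only entries
    (e.g. rundll32 loading a vendor DLL) are left out to limit noise."""
    findings = {}
    for name, command in entries:
        reasons = assess_autorun(command)
        if len(reasons) > 1:
            findings[name] = reasons
    return findings


# Constructed sample of Run-key values: two ordinary vendor entries, one hidden
# encoded PowerShell launch, and one script host reading from a public folder.
SAMPLE_AUTORUNS = [
    ("VendorUpdater", r'"C:\Program Files\Vendor\updater.exe" /background'),
    ("VendorHelper",  r'rundll32.exe "C:\Program Files\Vendor\helper.dll",Start'),
    ("WinCfg",        r'powershell.exe -w hidden -nop -enc PLACEHOLDER_ENCODED_PAYLOAD'),
    ("Sync",          r'wscript.exe "C:\Users\Public\sync.vbs"'),
]

if __name__ == "__main__":
    for name, reasons in review_autoruns(SAMPLE_AUTORUNS).items():
        print(f"{name}: " + "; ".join(reasons))
```

The same scoring applies to scheduled-task actions and WMI event consumers, the other places fileless malware commonly anchors itself; only the source of the (name, command) pairs changes.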