African Internet users, be they on their smartphones or desktops, are constantly at heightened risks for online attacks by cybercriminals.
Cybercriminals are a desperate and innovative sort. For all of their faults, it can never be said that those that write and distribute malware do not think outside the box, or that they do not have an impressive command of the psychology of the average internet user, these techno fiends even turn our quest for love against us.
That is why it is so desperately important for users to recognize signs and protect themselves from cybercriminals because the truth is, they will do whatever it takes to use you for their own gain.
Understanding this, it is unsurprising that a new method of distributing malware was just uncovered by Internet Security shamans, Kaspersky. The hot new method? Using fake security certificates to trick the user into installing a virus on their device.
Most of us have stumbled upon a webpage that produces warnings from our devices proclaiming that whatever data lays within the page could possibly be harmful – sometimes to access these pages, new security certificates require to be installed.
Next time this happens to you, Kaspersky warns, “pause before you install.”
So far two trojans have been identified as downloads in these types of attacks, namely the hideous Mokes and Buerak viruses. These will either give a hacker access to the backdoor of your device, allowing them to run roughshod over all your information – the former – or simply open a door within the internet and inundate your system with a wave of other malware – the latter.
Backdoors are particularly dangerous. Users that have backdoors installed might never even suspect that their machines are compromised. All the while, a cybercriminal could be snooping through their files and watching as passwords are being entered.
Kaspersky notes that this form of malware delivery is brand new. In the past, cybercriminals have used updates for legit applications to install malware on the systems of users, but to use false security features is unheard of.
“People are particularly susceptible to this type of attack because it appears on legitimate websites, ones they’ve probably visited. What’s more, the address listed in the iframe is, in fact, the real address of the website.”
Seeing this, Victoria Vlasova – security expert at Kaspersky – says, most users will then have the natural instinct to install the fake certificates, so they can view the content they’re used to viewing normally again.
“Users should always be wary when prompted to download something from an online source – chances are, it’s not necessary,” she adds.
2 Recommendations on how to avoid downloading harmful malware:
- Double-check the format of the URL and the spelling of the company name
- Manually type the website address in your browser, rather than visiting via links
By Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter