Exploring the Varied Faces of Malware: Real-Life Examples
Most individuals never encounter malware directly, but my extensive experience testing security software at PCMag sets me apart. Join me as we explore the dark web to reveal the true nature of malware.
By Neil J. Rubenking
It’s likely that you have never had a close encounter with malware. Even if you visited suspicious websites or clicked on dangerous links, your antivirus software likely eliminated any threats before you even noticed. This leads to the question: what does malware actually look like? Would you even be able to identify it?
In reality, many malicious programs are designed to remain hidden. For instance, a virus operates stealthily, infecting other files and systems without raising suspicion. A bot quietly resides on your device, awaiting commands to distribute spam or execute a DDoS attack. Conversely, Trojans masquerade as legitimate software, camouflaging their true purpose of stealing sensitive data. When ransomware demands your attention, you know you're in trouble.
During my ongoing analysis of new malware samples for hands-on protection evaluations, I have observed all these variations. I begin with thousands of URLs hosting malware, download their harmful payloads, and put them through rigorous tests. I often play the part of the unsuspecting user, launching unfamiliar files, allowing installations, and granting requested permissions. Below are some intriguing samples I’ve gathered in my latest search for effective testing examples.
Some of the images presented here might not match your expectations of what malware looks like. However, each sample has been verified through the VirusTotal website. For every sample, I submitted its unique fingerprint (a cryptographic hash of the file) to the VirusTotal database, which reported which of 70 antivirus engines flagged the file as malicious. Every program featured here was identified as malware by at least 40 of these engines.
The Dread of Ransomware
When a ransomware attack occurs, it often goes unnoticed initially. The ransomware quietly encrypts vital files, remaining undetected until it presents a ransom note demanding payment. The criminals promise to restore your files upon receiving the specified ransom, typically in Bitcoin or another cryptocurrency, but there’s no guarantee you’ll recover anything if they abscond with your money. You definitely want to avoid any confrontation with ransomware.
One notorious ransomware variant, Maze, ensures you can't miss its ransom note by taking over your entire desktop. It even offers to decrypt a single file for free to demonstrate its capabilities and encourage payment.
Screen locker malware doesn't encrypt files but obscures your desktop, locking you out of your computer. Often, these attacks falsely claim to be from law enforcement, demanding payment of a fine in untraceable currency. While some types of screen locker malware can be bypassed using recovery methods, this particular one is less forgiving and quite aggressive. Even with translation tools, it was difficult to discern its ransom demand, making escape challenging.
If you must face a screen locker, perhaps a visually appealing one is more palatable? This variant, just as uninformative as the previous one, features flowers and an attractive anime character. I managed to defeat this one effortlessly, possibly because its filename hinted at its temporary nature.
Foreign Installers Can Be Deceptive
Malware knows no borders. Wherever people are, malware is likely attempting to establish a presence. If you encounter a Trojan designed for a different country, chances are you’ll reject the installer, just as individuals in those countries might dismiss an English-language program.
This vibrant collection showcases four of the many foreign-language installers I came across during my recent exploration. There's nothing particularly remarkable about them, aside from their aesthetic appeal. Acting naively, I clicked through each installer to completion. You, however, are wiser than that.
Trojan Horses: The Modern-Day Intruders
The original Trojan Horse was a wooden structure, a “gift” from the Greek army to the Trojans, who brought it into their city as a trophy. Unbeknownst to them, Greek soldiers were hidden within, ready to infiltrate the city under the cover of darkness.
Today’s Trojan Horses are digital constructs that breach your computer’s defenses to introduce malware, rather than soldiers. They pose significant risks.
This image depicts a utility that claims to ensure your PC runs smoothly by updating outdated drivers. However, any attempt to update or back up existing drivers requires payment. This model is often seen in legitimate programs as well as rogue antivirus scareware. Interestingly, there's a promotional price that ends today. While it's unclear what exactly this Trojan does in the background, its overt actions are quite dubious.
Interested in smartphone repair? This set of tools and manuals appears useful, but you can't see the contents until you register. While you explore the schematics, it stealthily collects personal data and accepts orders for further malicious activities from a remote server.
Executable files on Windows are known as PE (Portable Executable) files. Each PE file begins with a detailed header containing the information Windows needs to load it, and malware researchers can learn a lot by analyzing that header. I considered keeping this PE analysis tool for personal use, but the fact that over 40 antivirus tools flagged it as a Trojan deterred me.
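As an added illustration of the header described above (not code from the original article or from the tool it mentions), here is a small Python parser that checks the MZ and PE signatures and reads the COFF file header from a constructed, minimal PE image; the byte layout and constant values follow the documented PE format, and the sample bytes are my own construction rather than a real file.

```python
import struct

# Constructed minimal PE image: 64-byte DOS header, "PE\0\0" signature, 20-byte COFF header.
# Not a real executable; only the fields the parser reads are filled in.
SAMPLE_PE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # DOS header, e_lfanew at offset 0x3C
    + b"PE\x00\x00"                                    # NT signature
    + struct.pack("<HHIIIHH",
                  0x8664,      # Machine: x86-64
                  3,           # NumberOfSections
                  0x5F3E1A2B,  # TimeDateStamp (constructed link time)
                  0, 0,        # PointerToSymbolTable, NumberOfSymbols
                  240,         # SizeOfOptionalHeader (PE32+)
                  0x0022)      # Characteristics: EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
)

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x86-64", 0xAA64: "ARM64"}
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000

def parse_coff_header(data: bytes) -> dict:
    """Validate the DOS and PE signatures, then return the COFF file header fields."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Bounds-check e_lfanew: an out-of-range value must not cause an out-of-bounds read.
    if e_lfanew + 24 > len(data):
        raise ValueError("not a PE file: e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
        "optional_header_size": opt_size,
        "is_executable": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }

def looks_like_pe(data: bytes) -> bool:
    """True if the data passes both signature checks, False otherwise."""
    try:
        parse_coff_header(data)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(parse_coff_header(SAMPLE_PE))
```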
The Illusions of Fun and Games
Throughout my malware hunting expeditions, I’ve encountered numerous samples that boast dramatic visuals. They often feature intricately designed images of characters like warriors or sorceresses, accompanied by prompts in Chinese. While they carry adware, their aesthetic appeal is undeniable.
This particular image, when processed through Yandex’s OCR translator, reveals the title: “Angel of the Day.” I recall angels being more…feathery, but I digress. The text clearly pertains to logging in or registering for gameplay, with a note suggesting “Self-protection when living.”
Here’s yet another character inviting players to register or log in, while also exposing them to annoying advertisements. The text translated by Yandex is cryptic, suggesting, “Play brain play injury makes sense.” It certainly doesn’t make sense to me.
Final Thoughts
As demonstrated, malicious software varies widely, ranging from poorly designed to highly professional. With the right and updated antivirus protection, these images might be the only malware you ever encounter. Be sure to explore our guidelines for maintaining online security, as malware is just one of many threats facing your devices and personal information.
Originally published at https://www.pcmag.com.