Malware is one of the most popular vectors for committing online fraud, and one that is shockingly easy for fraudsters to use.
But how does malware get out there onto our mobile devices, our websites and even our data servers?
The most common method is through malware injection. Before we dive into this tricky subject, we’ll explain a few things.
What is malware?
Malware is any form of software developed with the intention of carrying out a malicious or vindictive activity. This normally means performing some type of cyber crime which can include:
- Stealing passwords or login information
- Illegally monitoring internet activity
- Proxy cryptocurrency mining
- Collecting information for identity theft or credit card fraud
- Remote access (such as accessing cameras or microphones)
- Adware (pushing intrusive ads via pop-ups)
- Advertising click fraud, or ad fraud (fraudulent engagement with ads, usually without the user’s knowledge)
- Hijacking your device for other uses such as fake traffic
In short, malware is usually designed to perform a fraudulent process, usually without being detected. Most people who have malware on their devices won’t even notice, although there are some telltale signs, which we’ll look at shortly.
What’s the difference between a virus and malware?
The terms malware and virus are often used interchangeably – which in some respects is correct. In fact, a computer virus is a type of malware.
But there are a few differences between a virus and malware.
The key feature is that a virus is usually self-propagating, spreading itself through email attachments or infected software.
But not all malware spreads itself. Some may actually need manual interaction to install, and some may be spread by bot traffic, for example using brute force attacks to install a malicious code snippet.
However, malware injection attacks can happen automatically, for example if a browser lands on a website infected with malware elements, or if an app containing malware is downloaded from an app store.
At this point, we can get very technical and start discussing things such as SQL injection or the technical elements of an injection attack.
But as a marketing and fraud focused blog, we’re going to keep it simple.
What is malware injection?
The act of forcibly inserting malware into an app, web browser or website is known as malware injection.
This can also occur by simply adding new lines of code, known as code injection or SQL injection. This is perhaps the most common form of malware injection and one that doesn’t require much work from a human angle.
By performing code injection, or SQL injection, a previously harmless piece of software or website can suddenly perform any manner of the cybercrimes listed previously.
However, malware injection can also mean that an entirely new software element, such as an app, is loaded onto the host device. An example of this is when a software program is installed but hidden from the device user.
This may happen because the user has clicked a hidden download link which then runs covertly.
Malware within mobile apps has become a major challenge for app developers and app stores.
When placed on the store, either Google’s Play Store or Apple’s App Store, these apps usually don’t have any malware elements within them. However, they often receive the code injection either as part of an update or via a security flaw exploit.
Because the code injection usually happens after the software has been installed, it bypasses the security measures used by the app platform. And of course because this malicious code has been injected without the user’s knowledge, it will usually evade detection.
The tell-tale signs that you may have downloaded an app containing malware may include: unusual pop-up ads, even if you aren’t running an app; battery losing power quicker than usual; strange icons in your app drawer or disappearing icons.
A common method for malware to be injected into your web browser is by adding malicious code to add-ons or extensions using drive-by downloads. This cunning tactic forces code injection by either hiding the malware element within a clickable unit, such as an ad or button on the page; or worse still, the site simply runs the executable code and installs on your browser with no action from the user.
Browser malware can also come from extensions or add-ons, which can easily contain malicious code.
As we mentioned above, some websites can contain malware elements which can make them vectors for malware injection attacks.
These forms of injection attacks don’t always come from shady-looking sites. Cyber criminals are adept at spoofing, or copying, well known or popular websites and may fraudulently direct you to these spoofed sites to distribute their malware.
Fraudsters might also gain access to a website with poor security and inject malicious code. For example, any website with no fraud protection can easily be compromised by a brute force attack. This attack will then go on to inject malware code which can harvest customer data, steal payment details, shut the site down via a ransomware attack or more.
Data center malware
Our dependence on data centers means that these huge information repositories are a hot target for fraud and malware. And despite their importance to the global internet infrastructure, and the security systems most of them have in place, they are not immune to malware attacks.
The most common forms of malware affecting data centers are ransomware attacks and DDoS attacks. A recent attack affected 365 data centers with ransomware, which isn’t uncommon.
But the servers in these industrial information silos can also be loaded with malware containing bots. This means they can be used to perform ad fraud or spam attacks amongst other activities.
How does malware injection impact business owners?
Digital fraud is a many-headed beast, so the effects of malware are varied. These effects can be hugely disruptive and/or practically unnoticeable.
The malicious software can be used to perform a wide variety of actions such as:
Phishing and fraud
The most damaging for most business owners is the disruption on their own website. With inadequate security, a website might fall victim to a bot attack which uses malware injection to add malicious code to their site.
Their website might then be used by fraudsters to perform phishing attacks, or to steal customer data. Of course the damage to your online reputation as a result can be catastrophic.
And, in the era of GDPR and data privacy, this even leaves you open to potential legal issues.
Protecting your customer security has always meant being wary of hackers or data theft. But more than ever your hacker isn’t a man in a dark room wearing a hoodie – but most likely a software developer with a spoofed website.
Probably the most dreaded form of malware attack is ransomware. Once the ransomware malware is on your device, it can shut down your service online for any length of time, until a solution is found or the ransom is paid.
It’s not just the huge cost of paying a ransom or paying to fix the problem on the spot. The impact of lost revenue and lost trust can be more damaging than the attack itself.
Click fraud and ad fraud
Another insidious form of malware activity is the practice of advertising click fraud, which is currently the most prevalent and costly form of digital fraud.
This is where paid ads are clicked or viewed by non-genuine sources such as bots. However, some malware can also run scripts to view or engage with ads in the background, even if an app or software package isn’t actually running.
Ad fraud can also use click injection, or click jacking, which is where the genuine human activity on a device can be diverted to a hidden element such as a hidden ad. An example of this is Drainerbot, which ran in the background by loading video ads and generating impressions without the user’s knowledge.
In addition to these serious threats, there is also the added issue of a slow device or website as the malware uses up all the processing power.
This is often the first sign that a device, app or site is infected with malware. There may also be unusual behaviour such as glitches, crashes, pop-up ads and other malicious behaviour.
Because the injected code is often forcibly added to the database, it obviously messes with the functions and processes.
If you do feel that there is unusual or malicious behaviour occurring on your website, app or device, be sure to run a scan as soon as possible.
To reduce the chances of disruption from malware attacks or code injection there are a number of precautions to take.
Firstly, use strong security measures. At the very least this means that all access to your database should be with strong passwords, and ideally using two-factor authentication (2FA). This reduces the chances of brute force logins which can be a source of code injection attacks.
Secondly, protect your website from bot activity with a bot blocking tool such as Bot Zapping from ClickCease. This layer of protection means that bots can’t access your site at all, and are simply diverted to a 403 page (forbidden access error page).
A third layer of protection is to run regular scans of your website, your databases and any devices you use for your business. Keep your fraud and virus scanning software updated, and also run any software updates as soon as possible.
As a bonus fraud protection layer, digital marketers should be sure to prevent fraudulent activity on their paid campaigns. Google Ads and Facebook Ads, for example, are subject to high levels of fake clicks from bots and malware sources. In 2021, this fraudulent activity accounted for over $41 billion in lost revenue from fake traffic and lost business.
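One way to automate part of the regular website and database scan recommended above, as an added example that is not from the original article: it parses stored page content and flags scripts or frames loaded from unexpected hosts, hidden iframes and inline event handlers. The allowlisted hosts, the (id, body) row shape and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this site legitimately loads scripts or frames from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

class InjectionScanner(HTMLParser):
    """Collects markup that typically appears when code was injected into stored content."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        if tag in ("script", "iframe", "embed", "object"):
            src = attrs.get("src") or attrs.get("data", "")
            host = urlparse(src).hostname  # None for relative (same-site) URLs
            if host and host not in ALLOWED_HOSTS:
                self.findings.append(f"external <{tag}> from {host}")
            elif tag == "script" and not src:
                # Assumption: stored content fields never need inline scripts.
                self.findings.append("inline <script>")
        style = attrs.get("style", "").replace(" ", "").lower()
        if tag == "iframe" and "display:none" in style:
            self.findings.append("hidden <iframe>")
        for name in attrs:
            if name.startswith("on"):  # onload, onerror, onclick, ...
                self.findings.append(f"inline {name} handler on <{tag}>")

def scan_rows(rows):
    """Return {row_id: [findings]} for every row whose HTML looks tampered with."""
    report = {}
    for row_id, html in rows:
        scanner = InjectionScanner()
        scanner.feed(html)
        scanner.close()
        if scanner.findings:
            report[row_id] = scanner.findings
    return report

# Constructed sample rows standing in for (id, body) pairs read from a content table.
SAMPLE_ROWS = [
    (1, '<p>Welcome to our <a href="/shop">shop</a></p><script src="/static/app.js"></script>'),
    (2, '<p>Spring sale</p><script src="https://cdn.tracker.invalid/c.js"></script>'),
    (3, '<p>Contact us</p><iframe src="//ads.invalid/v" style="display: none"></iframe>'),
    (4, '<img src="/logo.png" onerror="loadMore()">'),
]

if __name__ == "__main__":
    print(scan_rows(SAMPLE_ROWS))
```

Rows 2, 3 and 4 are reported while row 1 passes; a scheduled job running this against real content tables and alerting on any new finding gives early warning before visitors are affected.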
ClickCease offers the industry leading click fraud prevention solution, stopping bots, unusual activity and fraudulent IP addresses in real time.