
Drive-By Downloads: A New Way For Malware To Infect Your Phone Or Computer

Security researchers with Google's Project Zero recently discovered malware that can spread to any iOS device that visits one of a number of hacked websites. The websites, which were not named in the report, receive more than a thousand visitors per week.

The new malware capitalized on 14 security exploits, including several 0-day vulnerabilities in iOS. It has already infected devices running iOS 10 through iOS 12.

According to the Project Zero report, the hackers created "five separate, complete and unique iPhone exploit chains," suggesting a sustained effort for more than two years to hack the iPhones of users in certain communities.

After a user visits an infected website, malware installed on the device collects a large amount of sensitive data, including text messages, photos, and real-time GPS locations, all while running unnoticed in the background.

Apple fixed the vulnerability with a security update in February, but only after the infected websites had been in operation for more than two years.

Many security researchers believe this malware is state-sponsored. Ziad Alim, "Researchers Reveal The Most Dangerous Piece Of iOS Malware Ever Seen," arizonadailyregister.com (Sep. 2, 2019).

Commentary


The "drive-by download" is a type of malware attack that does not require any interaction on your part, meaning malware can infect your computer or device even if you do not click on anything. All you need to do is visit a compromised website for the malware to automatically download onto your device.

In addition to the above attack, Google's Project Zero researchers found a wild iOS exploit in August that would allow malware to take over a targeted device without the user downloading it. Fortunately, Apple fixed the issue and there is no sign that the exploit was used.

However, these two malware cases are a reminder that users need to take precautions beyond avoiding clicking on unknown links or attachments in emails.

Luckily, there are steps you can take to reduce your risk of falling prey to a drive-by download. Generally, these attacks exploit vulnerabilities in a browser, app, or operating system. Keeping these up to date will go a long way toward protecting your computer or device from drive-by downloads.

Enabling your firewall and installing ad blocking software can also reduce your risk of a drive-by download. Use a search tool or web-filtering software that warns you if a site contains malware.

Criminals may install malware on websites that look safe. However, certain types of websites are more likely to contain malicious content. Always avoid adult-only and file-sharing sites, as they pose the greatest risk.

Finally, the two attacks discussed above are a reminder that even devices running iOS are vulnerable to malware. Never assume that you are safe because of the type of computer or mobile device you have. Always follow cybersecurity best practices, whether your operating system is Windows, iOS, or something else.
