Published on September 3rd, 2019
Malware Hiding As Textbooks & Essays is Once Again on the Rise
- Kaspersky warns students of the dangers of downloading textbooks and essays from shady locations online.
- Most of the time, these files come with malware droppers and nasty invasive worms.
- In many cases, these files are made to look like documents, but in reality, they are executable files that can easily infect your system.
According to a freshly published Kaspersky report, malicious actors are currently targeting students who are returning to their classrooms for another academic year. The malware is hidden in files presented as textbooks, essays, and other study material and supporting documents. This material is often very expensive for students or simply not available in their location, so many turn to the internet to find what they need. In many cases it is offered for free, because the main goal is to infect victims with malware.
The Kaspersky researchers report that over the past academic year they detected a total of 356,000 attacks themed as educational documents. In 65.45% of these cases, the files used to distribute the malware were essays. The remaining one-third consists of textbooks, aimed at students of all educational levels. The researchers even located highly targeted material, such as textbooks on natural science topics that were downloaded by only 18 people. This indicates that malicious actors feel their chances are better when they offer niche, specialized content that is not easy to find elsewhere.
As for the types of malware used in these cases, Kaspersky says that the “Stalk” worm holds first place on the list. Actors prefer this type of malware because it can penetrate the USB flash drives that students typically use on college and university networks, so it can easily get inside valuable large-scale networks. The second most used malware is a downloader called “Win32.Agent.ifdx”, which can be set to retrieve crypto-miners, ransomware, or banking trojans onto the host system. Finally, actors also use the “WinLNK.Agent.gen” and “MediaGet” tools, which are payload and torrent downloaders respectively.
All that said, students are advised to be very careful when searching for a particular textbook or essay. If possible, use a printed version found in your local library, and borrow and print the parts you need if you can’t afford the whole thing. Do not trust dubious online sources, do not click on flashing download buttons, and do not trust “downloader” tools that promise to retrieve the document for you. Even if a downloaded file looks like a document, check whether it is actually an “EXE” executable, and avoid launching it. Finally, update your OS and use an antivirus solution from a reputable vendor.
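The "looks like a document, is really an executable" check from the advice above, as an added Python example that is not from the Kaspersky report or the original article. It flags a download whose leading bytes are a Windows executable (PE) or shortcut (LNK) header regardless of its name, and a name whose final extension is runnable. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt", ".epub"}   # assumed list
RUN_EXTS = {".exe", ".scr", ".com", ".lnk", ".bat", ".cmd"}     # assumed list
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00"  # start of the Shell Link header

def sniff(data):
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew field
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "Windows executable (PE)"
    if data.startswith(LNK_MAGIC):
        return "Windows shortcut (LNK)"
    return None

def inspect_download(path):
    """Return the reasons a 'document' should not be opened; empty if none."""
    findings = []
    with open(path, "rb") as fh:
        kind = sniff(fh.read(4096))
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if kind:
        findings.append("content is a " + kind)
    if ext in RUN_EXTS:
        findings.append("final extension " + ext + " is runnable")
        if os.path.splitext(stem)[1] in DOC_EXTS:
            findings.append("name imitates a document")
    return findings

def demo():
    """Run the checks over constructed sample files (header bytes only)."""
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {
        "essay.pdf.exe": pe_stub,
        "textbook.pdf": pe_stub,  # executable content under a .pdf name
        "chapter.docx.lnk": LNK_MAGIC + b"\x00" * 68,
        "notes.pdf": b"%PDF-1.4\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = inspect_download(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "no executable indicators")
```

An empty result only means none of these indicators were found; it does not replace the antivirus scan the article recommends.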