Viruses, worms, trojan horses, spyware, ransomware and adware are all common types of malware that most of us have heard of, or even encountered online.
But is everyone safe as long as they have good antivirus software installed on their devices and stay away from malicious websites? Not quite, because some threats, such as riskware, are difficult to detect. So what is riskware, and how can you keep yourself safe?
How does Riskware work?
A portmanteau of “risk” and “software”, the term riskware describes any legitimate program that is not designed to be malicious but has certain security vulnerabilities. Threat actors can take advantage of these security holes to spread malware or steal information.
But how exactly do these attacks work? When cybercriminals discover a vulnerability in a common application, they can abuse it in a number of different ways. If they succeed, the targeted software is compromised without the user’s knowledge.
For example, employee monitoring software has become very popular in recent years, as more places adopt the remote working model. These programs are made to monitor email and live chat, take screenshots, record keystrokes, keep track of the websites employees visit on company computers, and more. A vulnerability in such a program puts both the company and its employees at great risk.
Mobile devices are also at risk from riskware. Apps that can be downloaded from official app stores have been caught asking for permissions that are out of the ordinary, which could allow malware to be installed or violate user privacy in some way. For example, some of the most popular photo-editing apps have worrying security holes.
But backdoors aren’t the only concern with riskware. The term can also describe any program that stops other software from being updated, damages the device in some way, or violates the law where the user lives.
What are the different kinds of riskware?
There are many different kinds of riskware, such as dial-up programs, IRC clients, monitoring software, Internet server services, password managers, auto-installers, and more. These tools can be used by anyone, and remote access tools, file downloaders, and system patches are the most common.
Remote access tools
IT departments can’t do their jobs without remote access tools and administration programs, but they are inherently risky. If these programs aren’t properly locked down, a threat actor could get full access to many machines on the network and put the security of the whole company at risk.
File downloaders
File downloaders are also classed as riskware because, even if the downloader itself isn’t malware, it can download malware without the user’s knowledge. And because your antivirus won’t recognize the legitimate downloader as malware, the downloader will be able to fetch unwanted and possibly dangerous software.
System patches
OS patches and updates are a common type of riskware, which may seem counterintuitive. In fact, you have likely heard of a big tech company putting out an update that opens up new holes that cybercriminals can use.
How to find risky software and stop attacks
Riskware is notoriously hard to find because it’s not really malware. This matters because you can’t rely on antivirus software or similar tools to flag it. In other words, it’s up to you to solve the problem. But there are ways to spot software that could be dangerous.
When checking your device for riskware, the first thing you should do is look for programs that you didn’t install yourself. If you find an app on your phone that you didn’t put there, it was either downloaded by another program or came with your phone. And since even the software that ships with the device can be riskware, you may be less protected than you think. The good news is that even the most stubborn programs can be removed.
Second, check the app’s permissions every time you want to use it. This is especially true for mobile devices. For example, an e-book reader app needs file permissions to open documents, but it doesn’t need access to your camera or contacts. If it wants to do these things, it’s probably riskware.
You should also scan your device for apps that haven’t been updated in a while. If a program doesn’t get regular updates from its developer, it could be a security risk, because cybercriminals often look for holes in such programs.
The next question is whether the program is legal. A program is most likely riskware if it lets you access content that was stolen. Some torrent clients, for example, have been found to install cryptocurrency miners on users’ computers, which use up CPU power.
And finally, there are threats from riskware that don’t have an obvious backdoor or security hole, but instead interact with other software on the device in a way that stops that software from doing what it was made to do. (Reading the terms of service for each app is a good way to see if they might conflict with each other.)
If you follow these steps, you’ll be able to spot possible riskware. If you find a program like this, make sure to get rid of it. In general, you should only download software from trusted and official sources, avoid programs that ask for permissions they don’t need, limit your admin rights, and keep an eye out for any strange behavior on your computer or phone.
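The first three checks above (apps you did not install, permissions beyond what the app's purpose needs, and long gaps between updates) can be run over an app inventory. The script below is an added example, not part of the original article; the record fields, the per-category permission baseline, the 365-day threshold and the sample apps are all assumptions constructed for illustration, with Android-style permission names.

```python
from datetime import date

# Assumed baseline: permissions an app of each category plausibly needs.
EXPECTED = {
    "ebook_reader": {"READ_EXTERNAL_STORAGE"},
    "photo_editor": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE", "CAMERA"},
    "remote_access": {"INTERNET"},
}
STALE_AFTER_DAYS = 365  # assumed meaning of "hasn't been updated in a while"

def audit(app, today):
    """Return the riskware indicators that apply to one inventory record."""
    findings = []
    if not app["installed_by_user"]:
        findings.append("not installed by the user")
    baseline = EXPECTED.get(app["category"])
    if baseline is None:
        # Without a baseline we cannot judge permissions; say so explicitly.
        findings.append(f"no permission baseline for category {app['category']!r}")
    else:
        extra = set(app["permissions"]) - baseline
        if extra:
            findings.append("unexpected permissions: " + ", ".join(sorted(extra)))
    age = (today - app["last_update"]).days
    if age > STALE_AFTER_DAYS:
        findings.append(f"no update for {age} days")
    return findings

def audit_inventory(inventory, today):
    """Map app name -> findings, omitting apps with nothing to report."""
    results = {app["name"]: audit(app, today) for app in inventory}
    return {name: found for name, found in results.items() if found}

# Constructed sample inventory (hypothetical apps, not real products).
SAMPLE = [
    {"name": "PageTurner", "category": "ebook_reader", "installed_by_user": True,
     "permissions": ["READ_EXTERNAL_STORAGE", "CAMERA", "READ_CONTACTS"],
     "last_update": date(2024, 5, 1)},
    {"name": "VendorHelper", "category": "remote_access", "installed_by_user": False,
     "permissions": ["INTERNET"], "last_update": date(2021, 3, 10)},
    {"name": "SnapFix", "category": "photo_editor", "installed_by_user": True,
     "permissions": ["CAMERA", "READ_EXTERNAL_STORAGE"],
     "last_update": date(2024, 4, 20)},
]

if __name__ == "__main__":
    for name, found in audit_inventory(SAMPLE, date(2024, 6, 1)).items():
        print(name, "->", "; ".join(found))
```

A finding is a prompt to review the app, not proof that it is riskware; the legality and software-conflict checks still need a human decision.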
Riskware is a problem for cybersecurity because almost any program, even software that came with your device, can be turned into riskware.
But a threat actor can only use an app against you if they get the chance to do so. The best way to stop this from happening is to stay aware and watch the device for any changes. Also, be as selective as possible about the software you use. You should also follow the latest trends in cybercrime and use threat intelligence to create a security plan.