Viruses, worms, Trojan horses, spyware, ransomware, and adware are all common types of malware that most of us have heard about, if not seen online.
But everyone should be safe as long as they have good antivirus software installed on their device and stay away from shady websites, right? Not quite, as some threats are difficult to detect, such as riskware. So what is riskware? How can you stay safe?
How does riskware work?
A portmanteau of the words “risk” and “software”, the term riskware is used to describe any legitimate program that was not designed to be malicious, but contains some security vulnerability. Threat actors can and do exploit these security holes, whether to deploy some sort of malware or steal information for nefarious purposes.
But how exactly does riskware work and how do these attacks happen? When cyber criminals discover a vulnerability in a popular application, they can take several different paths. If successful, their effort results in the targeted software being compromised without the user knowing.
For example, employee monitoring software has become very popular in recent years, as more workplaces have adopted the remote model. These programs are designed to monitor email and live chat exchanges, take screenshots, log keystrokes, and pay attention to the websites an employee visits using company computers. Vulnerabilities in such a program would put both the company and the employees at enormous risk.
Riskware is also a threat to mobile devices. Completely legitimate apps that can be downloaded from official app stores have been caught asking for unusual permissions that may allow installation of malware, or violate user privacy in one way or another. For example, some popular photo editing apps have critical security vulnerabilities.
But backdoors are just one worrying aspect of malware. The term riskware can also be used to describe any program that prevents another piece of software from being updated, causes the device to malfunction in some way, or violates laws in the user’s country or region.
What are the types of riskware?
There are many different types of riskware, including dialer programs, IRC clients, monitoring software, Internet server services, password management programs, auto installers, and more. However, the most common are remote access tools, file downloaders, and system patches.
Remote access tools
Remote access tools and administration programs are something IT departments cannot live without, but they are inherently risky. If not properly secured, these programs can allow a threat actor to gain full access to multiple machines on a network, and thereby jeopardize the security of an entire company.
File downloaders
File downloaders are also often considered riskware, because even if a downloader is not malware in itself, it can stealthily download malicious programs. And because your antivirus will not detect a legitimate file downloader as malware, it will be allowed to download unwanted and potentially dangerous software.
System patches
It may sound counterintuitive, but operating system patches and updates are a common type of riskware. In fact, you’ve most likely heard of a major tech company releasing an update that then creates a new vulnerability for cybercriminals to exploit.
Obviously, this doesn’t mean you shouldn’t update your system regularly – you should, but it’s definitely something to keep in mind.
How to identify riskware and prevent attacks
Precisely because riskware is not actually malware, it is extremely difficult to detect. This is a big problem, because you can’t trust your antivirus or similar software. In other words, you will have to handle this issue on your own. But there are ways to spot potential riskware.
The first thing you should do when checking a device for riskware is to look for any programs that you haven’t installed. If you see an application you’ve never installed, it was either downloaded by another program, or came preinstalled. And since even a device’s original software can be risky, you can never be too careful. Fortunately, even the most stubborn programs can be removed.
Secondly, always check the permissions before using the app. This especially applies to mobile devices. For example, an eBook reader app needs file access to open documents, but it doesn’t need access to your camera or contacts. If it asks for such permissions, it is most likely risky.
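The permission check described above can be automated. The following is an added example, not code from the original article: it reads the permissions an Android app declares in its manifest and flags any that fall outside what an app of that category should need. The category baseline, the list of sensitive permissions, and the sample manifest are assumptions constructed for illustration, and the manifest is assumed to be already decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Assumed baseline per app category (illustrative, not an official list).
EXPECTED = {
    "ebook_reader": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.INTERNET",
    },
}
# Permissions that expose personal data or sensors (a subset chosen for this example).
SENSITIVE = {
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
}
# Constructed sample: decoded manifest of a hypothetical eBook reader app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NAME) for tag in tags for el in root.iter(tag)
            if el.get(ANDROID_NAME)}

def audit(manifest_xml, category):
    """Split permissions beyond the category baseline into 'high' and 'review'."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline defined for category {category!r}")
    extra = requested_permissions(manifest_xml) - EXPECTED[category]
    return {"high": sorted(extra & SENSITIVE),
            "review": sorted(extra - SENSITIVE)}

if __name__ == "__main__":
    for level, perms in audit(SAMPLE_MANIFEST, "ebook_reader").items():
        for perm in perms:
            print(f"{level:6} {perm}")
```

For the sample eBook reader, camera and contacts access land in the "high" bucket, matching the article's example, while an unlisted but low-impact permission is only marked for review.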