Anybody who uses the internet can fall victim to malware. The malicious code is often so crafty that researchers only detect their presence after the initial attack. For the average consumer, the situation is far worse. Tap or click here to discover how malware exposes passwords saved in browsers.
As malware becomes increasingly sophisticated, you must be more vigilant than ever. Some might not even be aware their device is already infected. But it’s not entirely their fault as a new malware variant makes detection a nightmare.
Even though BLISTER has been around since early last year, security researchers are only now figuring out how it operates. Read on to see how the new malware can trick your system into believing it’s harmless.
Here’s the backstory
Cybercriminals use different methods to hide malware from antivirus software or app store detection. Sometimes the malicious code is embedded in documents like Word or PDF files or redirects victims to downloading malware from infected web links.
But BLISTER uses an evergrowing technique that can be more dangerous. The Elastic Security team noticed that the malware uses a valid code signing certificate. This means that it piggybacks on legitimate software by tricking the antivirus.
Assigning a valid code signing certificate to itself makes BLISTER stealthier than most malware. Elastic Security points out that it can enter systems without detection.
Since the primary entry method is through a signed certificate, BLISTER can spread through apps, infected links or embedded into files. It could pose as something harmless, and the certificate will match, but the payload delivered can trigger information-stealing processes.
What you can do about it
One defense you have against malware is to keep your device’s operating system and software up to date. Developers release a series of patches that fix any vulnerabilities every month, and antivirus providers update their threat libraries.
Here are a few other things that you can do to remain safe online:
- Only download apps from official app stores and never use third-party app libraries for content.
- Don’t click on links in unsolicited emails or text messages. Malware can hide in attachments or links redirect you to a malicious website.
- It’s always a good idea to refrain from clicking on pop-ups or banners, especially for products or services that you don’t know.
- Never overshare personal informaiton on social media. It can be used in social engineering attacks later.
- Have trusted antivirus software on all of your devices.
If you are looking for a great antivirus solution, we recommend our sponsor, TotalAV? Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price.