Many resources are now available to malicious actors, such as supplies of stolen identity data to use, cybercrime sites where stolen data can be exchanged, cybercrime tools and services. In this sense, ESET, a leading company in proactive threat detection, assures that a large part of the success of cybercriminals is related to knowing how to take advantage of the mistakes that users make: clicking on phishing links, forgetting to update critical software and not using multi-factor authentication (MFA) and that is why the sooner a user finds out that they have been infected with a virus or some other kind of malwarebetter.
“Once a computer is infected, the more time passes, the more damage criminals can do and the more expensive the consequences can be. The longer a victim goes without knowing she has been compromised, the more time attackers have to monetize network access and online accounts. That’s why it makes sense to take the lead and do some checkups. In Latin America, 24% of the organizations that suffered a security incident in the last year were victims of a malware infection. It is important not to wait until it is too late to take action.”, assures Camilo Gutiérrez Amaya, Head of the Research Laboratory of ESET Latin America.
Below, ESET shares a list of some of the signs that could indicate a computer has been infected with malware:
1. You receive a message that you have been infected with ransomware: If when you turn on a PC and instead of the usual boot screen you find a text file containing a note indicating that you must pay a ransom to recover the files, there is a high probability that it is ransomware. Typically, ransomware groups give victims a short notice to pay, along with instructions on how to pay in cryptocurrency. The bad news is that even if you follow the instructions to the letter and pay, there is a good chance that you will not regain access to those encrypted files.
2. Computer runs slowNote: When malware – including Trojans, worms, and cryptocurrency miners – gets installed on a PC, it often slows down the machine. This is especially the case with some types of malware, such as cryptocurrency miners or coinminers, which are used to carry out cryptojacking attacks that use the processing power of the computer to mine cryptocurrencies. While slow computer performance can be caused by non-malicious factors, such as poor PC hygiene, it’s best to check to rule out the possibility of an infection.
3. The webcam turns on by itself: Some spyware installed by cybercriminals is designed not only to collect data from a PC, but also to secretly activate the webcam and microphone. Doing so could allow cybercriminals to record and steal videos of users and their families, with the risk that they could be used in extortion attempts. Pay attention to the light of the webcam to see if it activates itself. Or, better yet, disable it completely with a camera cap or tape.
4. Contacts receive unsolicited messages from the account: Another clear sign that a PC has been compromised is if friends and contacts start complaining about spam coming from email accounts or social networks. A classic phishing tactic is to hijack victims’ accounts and then use them to send spam or phishing emails to all of their contacts. You can easily protect yourself from account theft by ensuring that all accounts are protected with two-factor authentication, also known as two-factor authentication, or 2FA.
5. Many ads are displayed through pop-ups: Adware is a type of unwanted program used by attackers to make money by exposing victims to excessive volume of advertisements. So if pop-up windows displaying invasive advertisements are constantly displayed on the computer, this could indicate the presence of adware on the computer.
6. New tools appear in the browser toolbar: Malware can also install plugins or extensions on the browser toolbar. If any are detected that are not recognized or that you do not remember installing, it could mean that the PC has been compromised. It may be necessary to restore the PC to its factory settings to remove them, it is a malware infection. If it is a Potentially Unwanted Application (PUA), such a drastic measure may not be necessary, and it may be enough to remove the application and the toolbar.
7. Random icons start appearing: When malware is installed on a PC that has been compromised, new icons often appear on the desktop. These can be easily spotted, as long as the desktop itself is organized into a small number of files, folders, and programs. If your desktop is cluttered with files, it’s important to consider tidying it up so you can more easily spot any suspicious icons that appear on your PC.
8. Passwords/logins stop working: If the attackers have managed to compromise the PC, they may have stolen the login credentials for various online accounts, such as email, and then changed the password to prevent access. Having to deal with such a scenario can be one of the most stressful parts of any cyberattack, as every single account has to be reported stolen. In addition, if the attack could put third party accounts at risk, such as customers, partners or employee accounts, those potentially affected should be notified.
9. Data and login credentials are circulating on the dark web: If you ever receive a data breach notice from a company or service with which you have some kind of relationship, you should take it seriously and try to verify the information. Sites like HaveIBeenPwned provide information on email addresses and passwords that have been leaked as a result of a data breach or exposure. There are also dark web monitoring tools that allow you to search for data in cybercrime forums to maintain information more proactively. By acting quickly, by changing passwords and/or calling the bank to block cards, you can mitigate risk before malicious actors have been able to monetize an attack.
10. You receive warnings from security software that you have an infection: Warnings displayed by anti-malware tools should also be taken seriously, although it is also important to note that it is common for attackers to deploy fake messages alerting the person that the computer has been infected and using the name of well-known security software. That is why it is key to first check that the message is legitimate and that it really comes from computer security software. If so, follow the instructions to try to find and remove the malicious files on the PC. Do not assume that the warning means that the antivirus software will automatically remove that specific threat from the PC.
ESET says that if a PC has been compromised, it is necessary to run an anti-malware tool from a reputable vendor to try to find and remove any malicious code that has been installed, and then consider doing the following:
- Modify all the passwords of those accounts that were accessed from that PC.
- Download an MFA application to reduce the risk that a malicious actor could compromise any of the accounts.
- Invest in a dark web monitoring tool to verify what data has been stolen and/or exposed.
- Freeze the possibility of applying for credit so that cybercriminals cannot obtain new lines of credit in your name.
- Monitor all accounts for suspicious activity, especially bank accounts.
“If you are not sure if you have completely removed malicious code from your PC, we recommend considering changing your passwords from an alternative device. Contact your security software provider or bank for more information”, recommends Camilo Gutiérrez Amaya, from ESET Latin America.
Listen to Dale Play on Spotify. Follow the program every Monday on our available audio platforms.