Cyberattacks 101: Scareware as Malware

June 23, 2021 by Loren LaChapelle

Malicious behavior using new malware variants is on the rise. Cybercriminals continue to expand and improve attack methods, uncover new vulnerabilities, and develop fresh exploits. Unfortunately, these evolving techniques work because they often get through traditional defenses undetected. With proper knowledge, awareness, and cautious browsing, you can help defend against these attacks and keep both your own and your organization’s data secure.

Let’s take a deeper dive into scareware malware and what it could mean for you.

What is scareware?

On a basic level, scareware is a type of malware that uses fear-based distribution tactics to trick victims into thinking that they need to interact with the malware.

First, the hacker tries to convince the victim they’re in trouble or danger and then offers them a solution. An all-too-common example of scareware is receiving a pop-up in your browser that says something like “We’ve detected viruses on your computer! Click here for help.”

Essentially, the hacker will use any fear-based tactic they can to convince you to click on a link. Once the victim clicks on the message, they are typically taken to a page that tries to sell them a piece of software. In the example here, the user would probably be coerced into downloading anti-malware software to supposedly protect themselves.

What are the objectives of scareware?

A few things could happen after the victim purchases and downloads the software that will allegedly solve their predicament. The best-case scenario is the software does nothing and ends up being completely useless. The hacker just pockets the money spent on an unnecessary tool.

The worst-case scenario – and something we’ve seen more and more of – is the software is actively malicious. Some scareware will lock up a device and outright demand a ransom. For example, the hacker may demand $20 and threaten to report you to the authorities if they don’t get paid. Or even worse, they could request a much higher amount and threaten to destroy the machine and the files on it if the victim doesn’t pay up.

Other types of scare-based tactics use this same method to trick users into sharing personal information such as credit card numbers and Social Security numbers, so the hackers can steal them. For example, the hackers will trick people into believing that if they don’t enter their credit card number, the card will be canceled.

Hackers will also try to scare users into visiting a compromised website by serving up a pop-up ad that says, “Click here or your phone service will be canceled in 24 hours.” Cybercriminals who administer scareware will try to leverage anything to scare users into giving them information for their own financial gain.

Finally, some scareware groups will just use the above scenarios to get their foot in the door so they can carry out a more malicious cyberattack. If the user engages with the scareware – whatever form that may be – they could download malicious software that could be used to perpetrate a ransomware attack or put a Trojan on the machine.

How does scareware spread?

Scareware can spread not only through compromised websites and malicious downloads but also through phishing emails. Hackers will send an email meant to scare the user and trick them into clicking on a malicious link, thus infecting the user’s computer with the malware.

Outside of malicious downloads and phishing, another big scareware spreader is what’s known as malvertising. Malicious advertising, or malvertising, entices a user to click on what they believe to be a clean website, but it really takes them to a compromised website. Along those same lines, browser pop-ups are a classic (and still extremely popular) source of scareware malware. The typical rundown of the pop-up method is as follows:

  1. A pop-up will appear in the browser, which is how the scareware will first present itself to the victim. The most common version of this is in the form of a security alert. For example, “There are viruses on your machine! Click here to mitigate it!”
  2. Many of these pop-ups will include “clickjacking,” where clicking on the pop-up in any capacity, including the cancel or X out button, will still allow it to operate. Wherever the pop-up gets clicked, it’s still going to download the malware or demand personal information.
  3. Some pop-ups will freeze the victim’s screen until they engage with it, refusing to allow them to click away to other tabs or close the browser.

How can you avoid scareware?

Let’s look at what you can do to avoid scareware.

  1. At a basic level, it’s always best to try to avoid suspicious or unknown websites. If you are going to click a link, hover your cursor over it for a second to see where it’s actually taking you so you can keep to safe websites. (Remember the rule: forward slash, two dots back.)
  2. Do not engage with strange pop-ups or suspicious and/or uncomfortable ads. You should also go into your browser settings and disable pop-ups to prevent the scareware from ever presenting itself to you.
  3. If you do find yourself in a situation where a strange pop-up has appeared and you are not able to close that tab, instead of just giving up and engaging with it, consider using Task Manager to shut down the application.
  4. If you’ve accidentally engaged with a malicious ad, consider disconnecting your Wi-Fi connection so you are no longer connected to the malicious website.
  5. Ensure your antivirus and anti-malware software is installed and up to date.

All of these steps can help you avoid scareware and respond if you think you’re about to be the victim of a scareware attack.
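
The hover check from step 1, written out as an added example (not code from the original article). It reads “forward slash, two dots back” as: stop at the first single forward slash after `https://`, then count back two dots to find the domain a click would actually reach, which is an assumption about the rule. All hostnames are constructed, and the short suffix set stands in for the full Public Suffix List.

```javascript
// Constructed example: every hostname and address below is made up.
// Small sample of two-label public suffixes (assumption: a real tool would
// load the full Public Suffix List instead of this set).
const TWO_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Returns the domain a click would actually reach, plus anything that
// makes the link harder to read correctly on hover.
function realDestination(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "unexpected scheme " + url.protocol };
  }
  const warnings = [];
  // Anything before "@" is a username, not the site being visited.
  if (url.username || url.password) warnings.push("text before @ is not the site");

  // hostname = what sits before the first single "/" (minus user info and port).
  const host = url.hostname.replace(/\.$/, "");
  if (/^[\d.]+$/.test(host) || host.startsWith("[")) {
    warnings.push("raw IP address instead of a name");
    return { ok: true, domain: host, warnings };
  }
  const labels = host.split(".");
  if (labels.some((l) => l.startsWith("xn--"))) {
    warnings.push("encoded international label, may imitate another name");
  }
  // "Two dots back": keep the last two labels, or three when the ending
  // is a two-label suffix such as co.uk.
  const keep = TWO_LABEL_SUFFIXES.has(labels.slice(-2).join(".")) ? 3 : 2;
  return { ok: true, domain: labels.slice(-keep).join("."), warnings };
}

const samples = [
  "https://www.example.com.security-alert.example/scan?id=1",
  "https://example.com@203.0.113.5/fix",
  "https://login.example.co.uk/account",
];
for (const s of samples) console.log(s, "->", realDestination(s));
```

In the first sample the familiar name at the front is only a subdomain; the domain that receives the click is the part immediately before the first slash.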
