Wednesday, March 16, 2016

What is Creepware ?

If not redirected, please click here https://www.thesecuritybuddy.com/malware-prevention/what-is-creepware/

Creepware is a malware program that gets installed in a device like laptop, desktop, smartphone, tablet or other devices using IoT (Internet of Things) and use the device's accessories like microphone and webcam to spy on the user. Many a times attackers use Creepware to invade privacy and record activities of the user for the purpose of extorting money or blackmailing.





How does Creepware infect a device ?


Creepware is a malware program and it gets installed like many other malware programs.

Attackers may use social engineering to convince the victim to click on a malicious link. They may send an email containing a malicious link. Or they may send the malware program along with some attachments of an email. On clicking on the link or opening the attachment, Creepware installs on the device from where it is opened.

Creepware may accompany some interesting looking malicious software also. On downloading software from an untrusted source or by using Peer-to-Peer File Sharing Software like BitTorrent, Creepware may infect a device.

Creepware may even infect a device using Drive-By Download on visiting a malicious website.


How does Creepware work ?


Creepware uses the concept of Remote Access Trojan or RAT. It uses a client-server model.

On infecting a device, the Creepware uses the victim's device as a server and the attacker's device as a client. And, it secretly spies on the victim using device accessories like webcam or microphone. It may record various activities of the user for malicious purposes.


Purpose of Creepware


Attackers may use Creepware for various purposes. Some of them are listed below :


Malvertising


Creepware may be used by the attackers to spy on user's browsing behavior and then use the information to advertise malicious ads to the user.


Voyeurism


Attackers may use Creepware to invade privacy of the victim and secretly record them.


Stealing sensitive information


Creepware may be used by the attackers to steal sensitive information of the user kept in the affected device.


Blackmail/Sextortion


Attackers may use Creepware to record explicit pictures and videos of the victim and later, to use them to extort money from the victim or do sexual crimes.


Trolling


Attackers may use Creepware to open strange and shocking pornographic pictures or videos on the device, display abusive messages or damage the device for their amusement.

Perpetrating DoS Attacks


Creepware may even be used to exploit the computing resources of the victim's device for perpetrating DoS or Denial of Service Attacks etc.


How to prevent Creepware ?


If we be cautious and take a couple of steps as preventive measures, it may prevent Creepware to a large extent.

  • Do not click on dubious link if you are not very sure about the authenticity of the link.
  • Do not open email attachment if you are not very sure about the sender.
  • Keep your devices always uptodate by recent patches of anti-malware programs.
  • Configuring proper firewalls in a device is always a good option.
  • Keep your browser and other commonly used software up to date with recent security patches. Very often attackers explout security vulnerabilities present in the commonly used software to infect the device.
  • Keep your Operating Systems updated with recent security patches.
  • Do not download any software from untrusted sources.
  • It is always a good advice not to use Peer-to-Peer File Sharing Software like BitTorrent or to take proper precautions.
  • And last but not the least, it is a good advice to use a tape to cover the webcam of the device if not using it.



No comments:

Post a Comment