By Pieter Arntz
There are several different types of malware that look for interesting information on an infected computer and transmit that information to the threat actor.
Identifying and removing the malware is our job, but what do you need to do yourself to control the aftermath? To answer that question it’s important to know what information the malware was after and sometimes how long it has been active.
What types of information are the malware authors after? Most of the time they are after anything that they can turn into cash. In rare cases of targeted attacks, they could be after other confidential information. Consider for example a keylogger installed by a close relative who is curious about some aspects of your private life.
But usually we can divide the sought after information in these categories:
- Banking details
- Shopping website credentials
- Other website credentials
- Gaming credentials
- Bitcoin and other eMoney wallets
- Email credentials
When is the infection period important and why? It is important in cases of malware that tracks the user’s activities like keyloggers and malware that intercepts internet traffic. It should be clear that knowing when this tracking started can be very helpful in determining which important information could have been stolen.
Tip: do not rely on your memory too much. If you are not sure, change that password of which you are unsure whether you have used it recently.
How do I recognize malware that has stolen information?
Sometimes you can tell by our naming convention that a particular malware was after your information. But not all of them are called Spyware.PasswordStealer. For starters look up information about the detection on your machine. Alarm bells should be ringing if the detections are spyware, keyloggers, and backdoors. Although, other Trojans are capable of stealing information as well.
In our threat library you can find information of this kind under the header Remediation, so look for your detection there if this applies to you.
In most cases, this is easy to guess. The stolen information could be used in ways that will cost you money. What could be the threat actors goals?
- Withdrawing money from your accounts
- Shopping at your expense
- Impersonating you for other reasons
- Extortion with personal information (doxing, sextortion, etc.)
What can you do to limit the dangers as much as possible?
- Change the passwords that might have been stolen for every website you can remember logging into.
- If your email account has been compromised, change that password first as other credentials may be sent to you by mail and still end up in the wrong hands. Some webshops even send you a password in plain-text (shudders).
- Keep a close eye on your banking and eMoney accounts. Use the activity alerts that some banks offer.
- Keep tabs on your posts in social media. It may look silly to check what you have supposedly posted yourself, but imagine someone else doing it for you.
Stay safe out there and get protected.