We all know the dangers that malware (malicious software) pose to our online lives. We've all heard the horror stories from friends or coworkers who have had their bank accounts plundered, their identities stolen or their email hacked into. Some of us have no doubt experienced these abuses ourselves. And while all of the above can leave us feeling vulnerable and personally attacked and distressed, there may just be another online threat that could leave us feeling even more like the victim of a targeted attack. Welcome to the not so wonderful world of creepware.
What is creepware and what does it do?
But what exactly is creepware and what can it do? In this article we are going to take a look at the causes, symptoms and the impact creepware can have on its victims.
Creepware is a term which is used to describe something called a Remote Access Trojan (RAT), although you may also come across the terms Remote Administration Trojan, Remote Administration Tool or Remote Access Tool. Put simply these are programs that have been installed on your computer without your knowledge, which enable an unscrupulous third party to gain access to, and control of, your PC remotely.
There is, however, a difference between remote access tools and remote access Trojans in that Trojans are always used for ill gotten reasons. Remote access tools can actually be used completely legitimately; for example by a trusted remote IT support technician.
So why, the name creepware? Well for one, it's a lot less of a mouthful than Remote Access Trojan, and RAT could just be confusing. Also it's particularly apt when you realize just what a user of creepware can do once they've hijacked your machine. The presence of a Trojan means that your attacker is able to gain virtually complete control of any aspect of your computer – they'll be able to do pretty much everything that you can – just as if they were sitting at your desk at home or work too. Not only that but it's almost impossible to know if you have a Trojan on your device. It is this unsavory and, yes, downright creepy behavior that has led to the moniker creepware.
Once control has been established your attacker may do one or more of the following things:
•Spy on you via your computer's webcam and capture images of you – i.e. voyeurism
•Steal your personal data and/or files
•Monitor your online activity, log your keystrokes and steal your passwords so they can hijack your user accounts
•Listen to, and in some cases record, your conversations through your PC's microphone
•Copy or delete files such as pictures and videos
•Use stolen pictures or videos or webcam recordings to either blackmail you and extort money or persuade you to perform sexual acts on camera. If the photos or videos are of a graphic nature this is known as sextortion
•Trolling and cyber bullying
•Make your computer open x-rated adult or otherwise extreme websites, display abusive messages, or damage your system - all just for their own sick amusement
Who would use creepware?
Not surprisingly, the users of creepware tend to rank pretty lowly on the morality scale of things. Some use it to make money either by blackmail, extortion or fraud, whilst others may see their use of the malware as 'just a bit of fun'. Clearly if you're a victim of creepware you are unlikely to see the funny side, which pushes it firmly into 'trolling territory'. Whether being used as a 'joke' or a 'prank' or to extract money from a victim, using creepware involves accessing someone else’s computer without authorization – again this is morally wrong - but also a serious crime.
And in further bad news, because creepware has been designed to be extremely user friendly and boasts a logical GUI - graphical user interface – it can be utilized not only by expert hackers but by newcomers to the game too. No longer is malware the domain of the hardcore hacker or hijacker, now pretty much anyone with a desire to act maliciously online can master these programs.
How does creepware get installed on my computer?
Creepware is installed on your device in the same way that all malware programs are; all you need to do is click on a link in a dodgy email, chat room, or on a social media platform. Creepware can also be installed by drive-by downloads associated with the latest must have program, game or popular TV series, or through peer-to-peer file-sharing and torrents.
Very common is the JDB method which stands for Java Drive By. This is something which, when someone browsing the web visits a website that has a certain Java applet embedded onto it, they will see a pop-up which will display a message asking for the user to give their permission for something. The visitor to the site gives their go ahead – and creepware is promptly downloaded onto their machine
Creepware is big business!
So not only are criminally minded creepware users using the software to extort, or sextort, money from their victims but the sale of Random Access Trojan software itself can, and does, bring in the big bucks. It is possible to by the software either directly from the website of a developer or from individuals who place adverts on forums devoted to hacking and other shady online practices.
Further income is generated by self-styled and so-called creepware experts who charge people who want to set up creepware but who don't want to be bothered with any of the work. Naturally the price they will pay depends on the service provided and whilst certain creepware can be obtained for free, other, more advanced programs can cost from anything up to $250.
Okay, enough already! How do I protect myself from creepware?
To protect yourself against creepware there are a number of recommended things that you really should seriously think about:
•Make sure your antivirus is up to date and you run it on a regular basis - manually too
•Also ensure your operating system and any software you have installed on your computer is also the latest version. You can use Automatic Updates in Windows s this will auto download and install Microsoft security updates
•Don't download files or programs from dubious or third party websites
•Be careful and don't get sucked in to opening tempting looking links on social media networks, in emails or in instant messenger chat windows
•We shouldn't have to say it, but please don't open emails if you don't know the sender and whatever you do, don't click on link in emails that you don't trust
•Change your passwords every 30-90 days. How to create a strong password.
Another crucial thing to look out for is if your webcam suddenly activates itself. If you're not using it, we recommend covering it with a small piece of tape, or keeping the shutter closed, if it has one.
We all need our computers and devices, which play an important part in both our social and working lives. What we don't need is the threat and the distress that creepware – or Random Access Trojans – can cause us. Play safe and exercise caution when you're online for whilst it is certainly true that creepware is capable of inflicting potentially huge, life-changing amounts of damage, by taking certain protective steps – some as easy as sticking a piece of tape over your webcam – you can stay safe when you're online. Most of all keep your security software up to date and prevent yourself from falling victim to online blackmailers, hackers, creeps and trolls.
You get a telephone call from someone claiming to be with tech support from a well-known software company. Microsoft is a popular choice. The callers often have strong accents but use common names such as “Adam” or “Bill.” The scammers may know your name and other personal information, which they get from publicly available phone directories. They might even guess what computer operating system you’re using.
The caller tells you that your computer is sending error messages, and they’ve detected a virus on it. He says only a tech support employee can remove the virus, but first you need to grant him access to your machine. If you give the OK, the caller will run a scan of your files and actually point out how the virus has infected the computer. The scammers then offer to remove the virus…. for a fee. Of course, they need your credit card details first.
Here’s the twist. Those who allowed the caller remote access to their computers, whether they paid for the virus to be removed or not, reported difficulties with their computer afterwards, according to the FBI’s Internet Crime Complaint Center. Some said their computers would not turn on or certain programs/files were inaccessible. Some victims even reported taking their computers for repair, and the technicians confirmed software had been installed.
Here at PC Techs, we hear these same scenarios day after day. Here is our advise if you get a call from “Tech Support”
- Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Never provide your credit card or financial information to someone claiming to be from tech support.
- Ask for the caller’s information and report it to your local authorities or the FTC.
- If you did allow a caller to access your computer:
- Change the passwords for your computer, email and online banking/credit card accounts.
- Be sure to run a virus scan
- Consider placing a fraud alert on your credit report if you shared personal and banking information with the scammer.
If your computer is acting strange, slow, or just different than it was before the remote access, consider having it fully cleaned by a professional. Better safe than sorry.