This post is also available in: Danish

Whether we use it mostly at home or at work, the Internet is not always a safe place – clearly. As cybersecurity professionals, we know – and try to draw everyone’s attention too – that there are dozens of threats we need to be aware of in order to protect our online security. In this context, we cannot refrain from speaking about riskware.  What is riskware, you may wonder? 

Riskware is a general concept referring to legitimate programs that are potentially risky because of software incompatibility, security vulnerability or legal violations. Typically, these programs are not designed to be malicious – some of their functions may be used in malicious purposes, though, and cybercriminals might exploit them to hijack computer systems, steal data or cause disruptions. When something like this intercedes, they can be considered malware, an ill-intentioned software that can disrupt normal computer operations, harvest confidential information, obtain unauthorized access to computer systems, display unwanted advertising etc., and a security issue that affects over 40% of the companies. 

Risky software usually leaves systems vulnerable when it comes to data and program exploits (due to program misuse or data breaches) and legal risks (due to abuse of privacy or illegal attempts to modify programs – just last year Google had a privacy issue when some Dutch customer’s audio recordings on Google Home smart speakers were leaked). 

What is Riskware – Vulnerable Computer Functions 

The most vulnerable functions of your device are the following: 

– system kernel — system’s core data

– vital system operation areas — registry, internet functionality protocols etc.

– data-gathering hardware — GPS, microphone, camera etc

– programs modifications — changing code, disabling features etc.

What is Riskware – Threatening Software Examples 

The riskiest programs for your company are remote support utilities, Internet relay chat clients, dialer programs, file downloaders, auto-installers, password managers, computer activity monitoring software and the Internet server services (FTP, proxy), because they might: 

what is riskware - how does it function

1. Create unnecessary vulnerabilities 

Riskware programs can be dangerous when they function with modified software or use external programs to delude the original design. This happens in the case of fraudulent licensed copies, for example, like the ones used to replicate the Windows OS, where all interaction with the vendor’s services, like updates or security issues fixes, is disabled. Moreover, riskware can also turn you into an easy target for hackers if it is poorly designed or not coded and tested with security in mind.  

2. Violate laws 

It is not uncommon for many types of software to tread a fine line when it comes to legality. For example, surveillance software can be entirely legal or entirely illegal depending on how it is used and the state where it is used. A legal check is necessary if your company uses employee monitoring software that somehow stores non-business private data.  

3. Monitor user behaviour 

Data collection is the main issue that makes user behaviour monitoring software risky. This type of software has legal risks by default, but the gathered data can also get exposed to malicious players. Companies that work with a lot of user data are often targeted and can be affected by the actions of cybercriminals. 

4. Provide Malware Access 

As we have already mentioned, riskware can easily become malware depending on how it is used. When installing new programs on a device, you must pay attention to bundled software and secondary programs from third parties that may not have been properly designed for security. Riskware programs are also dangerous when combined with adware (advertising-supporting software), because free sponsor-supported applications may very well lack quality control. 

5. Violate the Terms of Service of other software 

Any software that threatens the terms of software of other programs are inherently riskware. For example, cracking programs that can safely be used by white-hat hackers for internal product research and development or educational purposes can also be used by cyber-criminals in malicious ways, to gain profit and do harm.

Whether we’re talking about devices used for work purposes, whether we talk about the ones used for private matters, riskware applications may imply serious threats, like the ones mentioned below: 

ZergHelper (or Happy Daily English) affected iOS mobile devices. As Mitre Attack mentions, the ZergHelper riskware “was unique due to its apparent evasion of Apple’s App Store review process.”  ZergHelper “evaded Apple’s app review process by performing different behaviours for users from different physical locations (e.g. performing differently for users in China versus outside of China), which could have bypassed the review process depending on the country from which it was performed”. 

The application was classified as riskware since it didn’t have any malicious functionality – now removed by Apple from the App Store, it could, among others, install modified versions of iOS apps whose security couldn’t be insured or abuse certificates to sign and distribute apps with unreviewed code or that might have abused private APIs. 

When it comes to Android, 17 harmful apps were recently removed by Google Play Store. Most of them were related to wallpapers, QR codes reader and scanners, data transfer and file managers. They included delayed malware effects which bombarded the devices they were installed on with possibly dangerous intrusive advertisement. 

The most notable Android riskware might have been WhatsApp Plus, though, an application available in 2017. According to Info Security Magazine, it was “a variant of Android/PUP.Riskware.Wtaspin.GB, which steals information, photos, phone numbers and so on from a mobile phone.” This application, “once installed, tells users that their app is out of date and offers a download link. Once clicked, users are taken to a webpage written entirely in Arabic. The page calls the app <<Watts Plus Plus WhatsApp>> and purports to be developed by someone named Abu.”

Moreover, another aspect worth mentioning here is the danger posed by the torrents applications. It might be understandable that you sometimes want to watch a good movie or TV show without having to pay a subscription to Netflix or HBO Go, for example, buuuut…torrent applications can easily turn into malware. Also, as we’ve already shown here, even programs like VLC, that allow you to download subtitles directly from them, without visiting an additional website, can be used to turn your device into a target. 

What is Riskware – and How to Spot It 

Now that you learned what riskware is and why it is so dangerous, you need to know how to spot it in case you must use certain applications, even though they might be risky. Here’s what to look for: 

1. Software origin

Even though some riskware might have been installed by default on your operating system, any software and the permissions for it should be authorized by you or the person in charge from your company’s IT department. If you do not know the provenience of a certain software, you might be at risk. 

2. Software permissions

There is always a certain risk when you provide applications access to the camera, microphone, contacts or other data. Make sure only authorized users grant permissions to the applications your colleagues and employees need to install.  

3. Software updates

It’s essential that the applications your company uses receive updates directly from their developers, because hackers might use outdated OS or apps to trick users to expose sensitive information. 

4. Terms of service violations 

Make sure the terms of service of the programs that interact with each other are always read, in order to avoid blatant violations. 

5. Lawfulness 

Many applications walk on a grey area of legality, but most pirated programs are definitely not legal. It’s best to avoid any programs that allow you to perform fraudulent activities.

What is Riskware – Precautions 

One might think that riskware protection is a pretty vague concept, since it basically means that you must be cautious with any software you use on your devices. There are, however, quite a number of measures you can adopt in order to stay safe. 

The most important? Protect your devices with a smart antivirus solution. 

Heimdal Official Logo
Simple standalone security solutions are no longer enough.


Is an innovative and enhanced multi-layered EDR security approach to organizational defense.
  • Next-gen Antivirus & Firewall which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Privileged Access Management and Application Control, all in one unified dashboard
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

The basic ones? 

– only download programs and mobile apps from trusted sources. 

– read prompts and terms of service before installing any program. 

– don’t keep any programs that have not been authorized on your system. 

– limit deep system access and administrator privileges. (On our blog you can also find more info about the Principle of Least Privilege, about Heimdal Privileged Access Management and Privileged Account Management.)

– don’t install programs that unnecessarily ask for too many permissions. 

– don’t keep programs that inhibit the proper functioning of other important software. 

– avoid downloading illegal or explicit content on your devices. 

Another important precaution you can take is, as Risk Management Monitor suggests, to have written policies regarding the use of “properly licensed software.” 

what is riskware - unlicensed software dangers

Source: Risk Management Monitor

When it comes to antivirus solutions, we can recommend you to try Enterprise Endpoint Security but also Heimdal Privileged Access Management for the protection of your company, and Heimdal™ Premium Security Home for the protection of your personal devices. 

Enterprise Endpoint Security is a multi-layered security suite that brings together threat hunting, prevention, and mitigation in one package, for the best endpoint protection. It combines the power of Heimdal™ Threat Prevention and Heimdal™ Next-Gen Antivirus & MDM, so you will enjoy both revolutionary technologies like DarkLayer Guard, VectorN Detection, and Heimdal™ Patch & Asset Management, and a powerful firewall and process behavior-based scanning.  

Thor Admin Privilege™ is very useful if you want to automate the management of privileged accounts since it will allow you to proactively manage, monitor, and control them. Heimdal™ Privileged Access Management helps system admins to approve or deny user requests from anywhere or set up an automated flow from the centralized dashboard.  Moreover, all the activities will be logged for a full audit trail, so it will be crystal clear who did what and when. 

Heimdal Official Logo
System admins waste 30% of their time manually managing user rights or installations

Heimdal™ Privileged Access Management

Is the automatic PAM solution that makes everything easier.
  • Automate the elevation of admin rights on request;
  • Approve or reject escalations with one click;
  • Provide a full audit trail into user behavior;
  • Automatically de-escalate on infection;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Heimdal™ Premium Security Home can help you completely secure your digital life at home, offering you a threat prevention solution based on machine learning and powerful antivirus for flawless online security. It can eliminate vulnerabilities found in your system and protect your valuable data, all while making sure that your system is always updated and secure.

Wrapping Up 

As Carlos Mario Zapata Jaramillo,  Maria Clara Gomez Alvarez and Guillermo Gonzalez-Calderon say in their paper about riskware,  “risk management emerges as an important discipline” nowadays. 

When considering the cybersecurity of your company, you must bear in mind that there are three main risk sources: 

  1. The external threats of cybercriminals or competitors. 
  2. The applications’ and devices’ vulnerabilities that can be exploited by malicious players.
  3. The users’ behaviour and the way they set up the devices they work on, which possibly gives malicious players access to sensitive information. 

Although it is not possible to be 100% protected against all of the threats imposed by the mentioned risk sources, it is highly recommended to be aware of them, to know what riskware is and to take all the necessary safety measures that are up to you. 

Also, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!

Leave a Reply

Your email address will not be published. Required fields are marked *