Riskware. What is it? How to Spot it and Avoid it
This post is also available in: Danish
Whether we use it mostly at home or at work, the Internet is not always a safe place – clearly. As cybersecurity professionals, we know – and try to draw everyone’s attention too – that there are dozens of threats we need to be aware of in order to protect our online security. In this context, we cannot refrain from speaking about riskware.
What Is Riskware?
Riskware is a general concept referring to legitimate programs that are potentially risky because of software incompatibility, security vulnerability or legal violations. Typically, these programs are not designed to be malicious – some of their functions may be used in malicious purposes, though, and cybercriminals might exploit them to hijack computer systems, steal data or cause disruptions. When something like this intercedes, they can be considered malware, an ill-intentioned software that can disrupt normal computer operations, harvest confidential information, obtain unauthorized access to computer systems, display unwanted advertising etc., and a security issue that affects over 40% of the companies.
Risky software usually leaves systems vulnerable when it comes to data and program exploits (due to program misuse or data breaches) and legal risks (due to abuse of privacy or illegal attempts to modify programs – just last year Google had a privacy issue when some Dutch customer’s audio recordings on Google Home smart speakers were leaked).
Vulnerable Computer Functions
The most vulnerable functions of your device are the following:
- system kernel — system’s core data
- vital system operation areas — registry, internet functionality protocols etc.
- data-gathering hardware — GPS, microphone, camera etc
- programs modifications — changing code, disabling features etc.
Ryskware Types and Software Examples
The riskiest programs for your company are remote support utilities, Internet relay chat clients, dialer programs, file downloaders, auto-installers, password managers, computer activity monitoring software and the Internet server services (FTP, proxy), because they might:
1. Create unnecessary vulnerabilities
Riskware programs can be dangerous when they function with modified software or use external programs to delude the original design. This happens in the case of fraudulent licensed copies, for example, like the ones used to replicate the Windows OS, where all interaction with the vendor’s services, like updates or security issues fixes, is disabled. Moreover, riskware can also turn you into an easy target for hackers if it is poorly designed or not coded and tested with security in mind.
2. Violate laws
It is not uncommon for many types of software to tread a fine line when it comes to legality. For example, surveillance software can be entirely legal or entirely illegal depending on how it is used and the state where it is used. A legal check is necessary if your company uses employee monitoring software that somehow stores non-business private data.
3. Monitor user behavior
Data collection is the main issue that makes user behaviour monitoring software risky. This type of software has legal risks by default, but the gathered data can also get exposed to malicious players. Companies that work with a lot of user data are often targeted and can be affected by the actions of cybercriminals.
4. Provide Malware Access
As we have already mentioned, riskware can easily become malware depending on how it is used. When installing new programs on a device, you must pay attention to bundled software and secondary programs from third parties that may not have been properly designed for security. Riskware programs are also dangerous when combined with adware (advertising-supporting software), because free sponsor-supported applications may very well lack quality control.
5. Violate the Terms of Service of other software
Any software that threatens the terms of software of other programs are inherently riskware. For example, cracking programs that can safely be used by white-hat hackers for internal product research and development or educational purposes can also be used by cyber-criminals in malicious ways, to gain profit and do harm.
Whether we’re talking about devices used for work purposes, whether we talk about the ones used for private matters, riskware applications may imply serious threats, like the ones mentioned below:
ZergHelper (or Happy Daily English) affected iOS mobile devices. As Mitre Attack mentions, the ZergHelper riskware “was unique due to its apparent evasion of Apple’s App Store review process.” ZergHelper “evaded Apple’s app review process by performing different behaviors for users from different physical locations (e.g. performing differently for users in China versus outside of China), which could have bypassed the review process depending on the country from which it was performed”.
The application was classified as riskware since it didn’t have any malicious functionality – now removed by Apple from the App Store, it could, among others, install modified versions of iOS apps whose security couldn’t be insured or abuse certificates to sign and distribute apps with unreviewed code or that might have abused private APIs.
When it comes to Android, 17 harmful apps were recently removed by Google Play Store. Most of them were related to wallpapers, QR codes reader and scanners, data transfer and file managers. They included delayed malware effects which bombarded the devices they were installed on with possibly dangerous intrusive advertisements.
The most notable Android riskware might have been WhatsApp Plus, though, an application available in 2017. According to Info Security Magazine, it was “a variant of Android/PUP.Riskware.Wtaspin.GB, which steals information, photos, phone numbers and so on from a mobile phone.” This application, “once installed, tells users that their app is out of date and offers a download link. Once clicked, users are taken to a webpage written entirely in Arabic. The page calls the app <<Watts Plus Plus WhatsApp>> and purports to be developed by someone named Abu.”
Moreover, another aspect worth mentioning here is the danger posed by the torrents applications. It might be understandable that you sometimes want to watch a good movie or TV show without having to pay a subscription to Netflix or HBO Go, for example, buuuut…torrent applications can easily turn into malware. Also, as we’ve already shown here, even programs like VLC, that allow you to download subtitles directly from them, without visiting an additional website, can be used to turn your device into a target.
How to Spot Riskware
Now that you learned what riskware is and why it is so dangerous, you need to know how to spot it in case you must use certain applications, even though they might be risky. Here’s what to look for:
1. Software origin
Even though some riskware might have been installed by default on your operating system, any software and the permissions for it should be authorized by you or the person in charge from your company’s IT department. If you do not know the provenience of a certain software, you might be at risk.
2. Software permissions
There is always a certain risk when you provide applications access to the camera, microphone, contacts or other data. Make sure only authorized users grant permissions to the applications your colleagues and employees need to install.
3. Software updates
It’s essential that the applications your company uses receive updates directly from their developers, because hackers might use outdated OS or apps to trick users to expose sensitive information.
4. Terms of service violations
Make sure the terms of service of the programs that interact with each other are always read, in order to avoid blatant violations.
Many applications walk on a grey area of legality, but most pirated programs are definitely not legal. It’s best to avoid any programs that allow you to perform fraudulent activities.
How to prevent Riskware
One might think that riskware protection is a pretty vague concept, since it basically means that you must be cautious with any software you use on your devices. There are, however, quite a number of measures you can adopt in order to stay safe.
- only download programs and mobile apps from trusted sources.
- read prompts and terms of service before installing any program.
- don’t keep any programs that have not been authorized on your system.
- limit deep system access and administrator privileges.
- don’t install programs that unnecessarily ask for too many permissions.
- don’t keep programs that inhibit the proper functioning of other important software.
- avoid downloading illegal or explicit content on your devices.
- establish a rigorous software installation policy, ideally using application whitelisting
- patch your software regularly
As Carlos Mario Zapata Jaramillo, Maria Clara Gomez Alvarez and Guillermo Gonzalez-Calderon say in their paper about riskware, “risk management emerges as an important discipline” nowadays.
When considering the cybersecurity of your company, you must bear in mind that there are three main risk sources:
- The external threats of cybercriminals or competitors.
- The applications’ and devices’ vulnerabilities can be exploited by malicious players.
- The users’ behavior and the way they set up the devices they work on, which possibly give malicious players access to sensitive information.
Although it is not possible to be 100% protected against all of the threats imposed by the mentioned risk sources, it is highly recommended to be aware of them, to know what riskware is and to take all the necessary safety measures that are up to you.
Also, keep in mind that Heimdal Security is always on your side. Our comprehensive and unified cybersecurity solutions suite is designed to safeguard your company from a variety of attack vectors.
Drop a line below if you have any comments, questions or suggestions.