Malware is malicious software designed specifically to disrupt, damage, or gain unauthorized access to your devices. Among the malware family, you will find trojans, viruses, worms, spyware, and more. Any operating system, whether that is Windows, Mac, Linux, Android, iOS or another, is targeted by malicious actors in some way through malware. It is crucial for anyone using a digital device in daily life to protect themselves against malware, even if that device is not connected to the internet, since malware can be transmitted through Bluetooth, USB or other methods.
If you need to report an incident or you have fallen victim to ransomware, reach out to our Support team by clicking the button below:
What can malware do?
Every time you download a file or program, click a link, or connect your device to a new network or unknown device, you put all of your devices at risk. Not just that single device, but all the devices that you use, and the devices of others that you connect with.
If you get malware on your device, you could also be infecting the devices of friends and family.
The true risk of malware, however, lies in the fact that many types will remain dormant on your devices without your knowledge. These programs are specifically instructed to wait until you enter your password (keylogger), log in to your bank account (banker trojan) or access your crypto accounts. They can also run when you aren't even using your device (botnet and mining trojan). One of the worst types of malware is known as ransomware, which locks you out of your device and asks for payment in order to unlock it again.
Unfortunately, this is only a short introduction to the various types of malware that exist, and as the digital world keeps changing, new threats pop up every day.
Protecting against malware
Upgrade, update, and verify the firmware, software, and apps of all the devices that you use frequently, and the devices that connect to them. A common mistake is to only update the device you use most, but your home network security is only as strong as its weakest link. So make sure to also check your modems, routers, printers and IoT (Internet of Things) devices.
Once everything is up to date, the next step is making sure that you have everything protected with a strong password. We recommend using a reputable password manager for this purpose, so that you have a unique and randomly generated password for each device and service that you make use of. Don’t forget your modem and Wi-Fi network passwords during this process!
On your home network, make sure that your network settings are set up in such a way that each device is isolated from one another. For other tips about this, check out the below video:
Finally, once the basics are secured, make sure that you keep your security tight. This means checking the authenticity of any apps you download onto your devices and any links you decide to click. If you have family members or friends that regularly access your network, you may want to clarify this with them as well. Also mind who you give access to your devices, either physically or remotely through software like TeamViewer or AnyDesk.
Common types of malware
Email is a very common way for malware to be distributed. To protect yourself against this type of malware distribution, we recommend the following steps:
- Always verify if the sender of the email is legitimate. In particular the domain of the email address of the sender should be reviewed. Any minor difference can mean that you are being contacted by an impostor. For example, if you expect an automated email from Kraken it should have been sent from [email protected], and not from [email protected]. To ensure that you are always receiving emails from our verified address, we recommend using PGP encryption.
- Before clicking a link in an email, always check where it will direct you. You can do this by hovering your mouse cursor over the link and looking in the bottom-left corner of your browser, which will display the website you will be sent to. Another way to check a link is to right-click the link and choose to copy the link address. Once copied, open text editing software on your device and paste it in there to see where you will be sent if you click on the link. On mobile devices, tap and hold the link until you get a menu where you can choose to copy the link address. Clicking on a suspicious link can lead you to a malicious website which could automatically download malware onto your device. In some cases you don't even have to click on anything else on this website for your device to become infected. If at any moment you have the feeling that you visited a suspicious website that pretended to be Kraken, please immediately fill out this form. Don't delete the email until you have heard back from us, so that we can investigate its source.
- Only open email attachments from trusted sources. Although many email providers already put a lot of effort into scanning your attachments for viruses, this won't protect you from all risks. An email attachment can be disguised in many ways to look like a common file that you would trust, like a PDF document or a ZIP archive. The best way to address this risk is by verifying the sender again, while keeping in mind that their email account could have been compromised. Check if this is the typical type of message that you get from this sender, and if it is out of the ordinary, reach out by phone to verify that they actually sent it. Do not use another digital channel to communicate with the sender, since there is a chance that you may then be dealing with an impostor. Phone calls, video calls, or meeting in person are the best ways to keep the risk low. Finally, remember that the sender may not be aware of their devices being infected by malware, so once you do download the file, run a virus scan over that file to cover all possibilities of being affected by malware.
Copy and Paste malware
Once this malware has been downloaded onto your device, it will remain dormant until you copy and paste sensitive data like a 2FA code or a cryptocurrency address. In the case of a cryptocurrency address, the malware will automatically change your crypto address to an address that the malware creator controls.
Always verify crypto addresses before sending funds
Once cryptocurrency is sent, the funds cannot be recovered.
This malware is designed to lock your device and steal your files. It will ask you to send a ransom payment in cryptocurrency, after which it claims that you will get access back to your device. Many times you will not get the files back or be able to recover your device, and the malware will just ask for more funds until you stop paying.
To reduce the risk of ransomware beyond following the tips that have been shared before, it is crucial that you have a solid backup method that gets used at a regular interval. This backup should also be kept separate from your devices and disconnected from your home network. We recommend either using a secure end-to-end encrypted cloud environment which uses redundant storage or using an external drive that gets stored in a vault.
Note that while there are sometimes methods to unlock your infected device by accepting help from a third party, more often than not these third parties are impostors. We don’t advise contacting these third parties unless you are certain that you will receive your data before any payment is made. Also keep in mind that you could put any remaining devices at risk if these third parties ask you to download files, which could also be infected with malware.