Malware authors routinely tie their distribution campaigns to current events.
According to new research by Kaspersky Lab, the latest wave of malware is hiding in school- and student-related content posted for free access. To establish this, the researchers checked the number of infections their solutions identified in school-related files. What were the results?
“Over the past academic year, cybercriminals who have been targeting the field of education have tried to attack our users more than 356,000 times in total,” the researchers said. Of these instances, 233,000 cases were malicious essays downloaded by more than 74,000 users. About a third of all the cases were textbooks, or 122,000 attacks, with at least 30,000 users attempting to open the malicious files.
What types of textbooks do cybercriminals target?
English textbooks were the most popular, with 2,080 attempted downloads. Math textbooks were next, with 1,213 attempted infections. 870 potential victims tried to download literature textbooks.
However, attackers also targeted less popular subjects: the researchers came across malware disguised as textbooks in the natural sciences and in “less commonly taught foreign languages at both the K-12 and college levels”.
What malware is hidden in said textbooks?
It appears that certain types of malware are often distributed via fake educational files. The first thing to note here is that sites with such content are often covered in “Free download” buttons. These websites often feature the MediaGet downloader, instead of the actual document.
Other suspicious downloads that turn up frequently in the analyzed cases are the WinLNK.Agent.gen and Win32.Agent.ifdx downloaders, which are common in downloads related to textbooks and essays. “The archive contains a shortcut to a text file, which not only opens the document itself, but also launches the attached malware components,” Kaspersky said. These downloaders can be used by attackers to drop more malware on compromised systems, such as persistent adware and cryptominers.
In addition, these infections can be spread without the help of dubious sites, for example, in spam campaigns. As it turns out, spammers also spread malicious textbooks and essays, which eventually drop the Worm.Win32.Stalk.a worm.
This worm has been around for quite a while, and we had previously thought that it had fallen out of use. To our surprise, it is not only still being actively used, but it is also the ‘educational’ malware with the greatest number of victims.
To avoid such infections, you should keep your system and software up-to-date. Other useful prevention tips include examining your email attachments, even those that appear to be sent from people you know.
Have a close look at the extensions of the files you intend to download. If you download an EXE file instead of a document, it is safer not to open it at all, since malware often hides in executable files. And finally, don’t underestimate the importance of anti-malware solutions.
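The extension check described above can be automated for downloaded archives before anything is opened. The following is an added example, not code from Kaspersky or from the original article: it lists the members of a ZIP file and flags shortcuts and executables, including names such as "essay.txt.lnk" that use a document extension as a decoy. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that run code or launch other programs on Windows (assumed, non-exhaustive).
RISKY = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
# Extensions a textbook or essay would normally carry (assumed list).
DOCUMENT = {".pdf", ".doc", ".docx", ".txt", ".rtf", ".epub", ".djvu"}


def classify(name):
    """Return the reasons a file name is suspicious (empty list if none)."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    path = PurePosixPath(name.replace("\\", "/").rstrip(". "))
    suffixes = [s.lower() for s in path.suffixes]
    reasons = []
    if suffixes and suffixes[-1] in RISKY:
        reasons.append(f"runs code or launches programs ({suffixes[-1]})")
        # "essay.txt.lnk" is displayed as "essay.txt" when extensions are hidden.
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT:
            reasons.append(f"document extension {suffixes[-2]} used as a decoy")
    return reasons


def triage_archive(data):
    """Map each suspicious member of a ZIP archive (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Only the member names are read; nothing is extracted or executed.
        for info in zf.infolist():
            reasons = classify(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive: placeholder bytes, only the names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("english_textbook.pdf", b"placeholder")
        zf.writestr("essay.txt.lnk", b"placeholder")
        zf.writestr("data/setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_archive(build_sample()).items():
        print(member, "->", "; ".join(reasons))
```

A clean result only means no member name looks executable; it says nothing about the content of the documents themselves, so it complements rather than replaces an anti-malware scan.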