Viruses, worms, Trojan horses, spyware, ransomware, and adware are all common types of malware that most of us have heard of, if not encountered online.
But everyone should be safe as long as they have good antivirus software installed on their device and stay away from fishy websites, right? Not quite, because some threats are difficult to detect, like riskware. So what is riskware? How can you stay safe?
How Does Riskware Work?
A portmanteau of the words “risk” and “software,” the term riskware is used to describe any legitimate program that was not designed to be malicious, but has certain security vulnerabilities. Threat actors can—and do—exploit these security holes, whether to deploy some kind of malware or steal information for nefarious purposes.
But how does riskware work exactly, and how do these attacks take place? When cybercriminals discover a vulnerability in a popular application, there are several different routes they can take. If successful, their attempt results in the targeted software being compromised without the user knowing.
For example, employee monitoring software has become very popular in recent years, as more workplaces adopted remote models. These programs are designed to monitor email and live chat exchanges, take screenshots, log keystrokes, take note of the websites an employee visits using company computers, and so on. A vulnerability in such a program would expose both the company and the employees to tremendous risk.
Riskware is also a threat to mobile devices. Perfectly legitimate apps that can be downloaded from official app stores have been caught demanding unusual permissions that could allow the installation of malware, or violate user privacy in one way or another. Some popular photo editing apps, for example, have significant security vulnerabilities.
But backdoors are just one worrying aspect of riskware. The term riskware can also be used to describe any program that blocks another piece of software from being updated, causes a device to malfunction in some way, or violates laws in the user’s country or region.
What Types of Riskware Are There?
There are many different types of riskware, including dialer programs, IRC clients, monitoring software, internet server services, password management programs, auto installers, and more. However, the most common ones are remote access tools, file downloaders, and system patches.
Remote Access Tools
Remote access tools and administration programs are something IT departments can’t live without, but they are inherently risky. If not properly secured, these programs could allow a threat actor to gain full access to multiple machines on a network, and so jeopardize an entire company’s security.
File Downloaders
File downloaders are also often considered riskware, because even if a downloader is not malware in and of itself, it can stealthily download malicious programs. And because your antivirus would not recognize a legitimate file downloader as malware, it would be allowed to download unwanted and potentially dangerous software.
System Patches
This may sound counterintuitive, but operating system patches and updates are a common type of riskware. In fact, you have most likely heard of a major tech company releasing an update, and that update creating new vulnerabilities for cybercriminals to exploit.
Obviously, this doesn’t mean you shouldn’t update your systems regularly—you should, but this is definitely something to keep in mind.
How to Spot Riskware and Prevent Attacks
Precisely because riskware is not actually malware, it is notoriously difficult to detect. This is a major problem, because you can’t rely on your antivirus or similar software. In other words, you have to handle the issue yourself. But there are ways to spot potential riskware.
The first thing you should do when checking a device for riskware is look for any programs that you haven’t installed. If you spot an application that you never installed, it was either downloaded by another program, or came pre-installed. And since even software native to a device can be riskware, you can never be too careful. Luckily, even the most stubborn programs can be removed.
Secondly, always examine permissions before using an app. This applies to mobile devices in particular. For example, an eBook reader app needs file access to open documents, but it doesn’t need access to your camera or contacts. If it asks for such permissions, it is most likely riskware.
Another thing you should do is scan your device for apps that haven’t been updated in a while. If a program is not receiving regular updates from its developer, it is a potential security risk because cybercriminals often target such programs and search for openings.
Then there’s the issue of legality. If a program allows you to access pirated content, there is a good chance that it is riskware. For example, it is widely known that some torrent clients have been discovered installing cryptocurrency miners on users’ devices, consuming CPU power in the process.
And lastly, there are riskware threats that have no backdoors or obvious security vulnerabilities, but interact with other software on a device in a way that prevents that software from doing what it is designed to do (a good way to check for any potential conflicts between apps is to analyze their terms of service).
Taking these steps will help you spot potential riskware. If you find such a program, make sure you remove it from your device. Generally speaking though, you should only download software from reputable and official sources, avoid programs that ask for unnecessary permissions, limit administrator privileges, and keep an eye out for any unusual behavior on your computer or smartphone.
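The first three checks above (programs you never installed, permissions that don't match an app's purpose, and apps that have gone without updates) can be run over an app inventory in one pass. The script below is an added example, not part of the original article; the app names, the per-category permission baseline, and the 365-day staleness threshold are all assumptions made for illustration.

```python
from datetime import date

# Assumed policy (not from the article): permissions each app category plausibly needs.
EXPECTED_PERMISSIONS = {
    "ebook_reader": {"storage"},
    "photo_editor": {"storage", "camera"},
    "remote_access": {"network", "screen_capture", "input_control"},
}
STALE_AFTER_DAYS = 365  # assumed cut-off for "hasn't been updated in a while"

# Constructed inventory with made-up app names; a real one would come from
# the OS package manager or a device-management export.
INVENTORY = [
    {"name": "ExampleReader", "category": "ebook_reader",
     "permissions": {"storage", "camera", "contacts"},
     "last_update": date(2024, 5, 1), "installed_by_user": True},
    {"name": "ExamplePhotoEdit", "category": "photo_editor",
     "permissions": {"storage", "camera"},
     "last_update": date(2021, 2, 10), "installed_by_user": True},
    {"name": "ExampleRemoteDesk", "category": "remote_access",
     "permissions": {"network", "screen_capture", "input_control"},
     "last_update": date(2024, 4, 20), "installed_by_user": False},
]

def audit(inventory, today):
    """Return {app name: [findings]} for every app that trips a check."""
    report = {}
    for app in inventory:
        findings = []
        # Check 1: programs the user never installed (bundled or pulled in by another program).
        if not app["installed_by_user"]:
            findings.append("not installed by user")
        # Check 2: permissions beyond what the category needs. An unknown
        # category has no baseline, so all its permissions are listed for review.
        expected = EXPECTED_PERMISSIONS.get(app["category"], set())
        extra = sorted(app["permissions"] - expected)
        if extra:
            findings.append("unexpected permissions: " + ", ".join(extra))
        # Check 3: no developer update within the threshold.
        age = (today - app["last_update"]).days
        if age > STALE_AFTER_DAYS:
            findings.append(f"no update for {age} days")
        if findings:
            report[app["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(f"{name}: {'; '.join(findings)}")
```

A finding here is a prompt to look closer, not a verdict: a pre-installed remote access tool may be exactly what the IT department intended.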
Understand Riskware to Protect Yourself
Riskware is a unique cybersecurity challenge because almost any program can become riskware, including the software that came pre-installed on your device.
But a threat actor will only be able to weaponize an app against you if given the chance to do so. The best way to prevent this from happening is to stay alert and monitor your devices for any changes, while at the same time being as selective as possible with the software you use. It is also a good idea to follow the latest trends in cybercrime, and develop a security approach based on threat intelligence.