{"id":1468,"date":"2022-12-01T08:10:00","date_gmt":"2022-12-01T08:10:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/2016\/04\/12\/5-ways-malware-can-creep-into-your-system\/"},"modified":"2023-10-26T21:02:41","modified_gmt":"2023-10-26T21:02:41","slug":"how-you-get-malware","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/","title":{"rendered":"How You Get Malware: 8 Ways Malware Creeps Onto Your Device"},"content":{"rendered":"<p>Malware can unleash devastating attacks on devices and IT systems, resulting in the theft of sensitive data and money, destruction of hardware and files, the complete collapse of networks and databases, and more. Understanding the attack paths malware uses to invade your systems is important for setting up defenses to stop it.<\/p>\n<p>Email and the Web are the primary vectors for malware to creep into an organization, but there are many other ways. Most of the time, it even happens without the user or IT even knowing. Below we discuss some of the most common ways malware can infect your device \u2014 along with security measures you can use to stop it.<\/p>\n<p>If you\u2019ve been hit by malware and are looking for help, see\u00a0<a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-remove-malware\/\">How to Remove Malware: Removal Steps for Windows &amp; Mac<\/a>.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d702343fc4a\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d702343fc4a\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#8-Ways-Malware-Gets-on-Your-Device\" title=\"8 Ways Malware Gets on Your Device\">8 Ways Malware Gets on Your Device<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Malvertising\" title=\"Malvertising\">Malvertising<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Spear-Phishing\" title=\"Spear Phishing\">Spear Phishing<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Web-Trojan-Download\" title=\"Web Trojan Download\">Web Trojan Download<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Weaponized-Documents\" title=\"Weaponized Documents\">Weaponized Documents<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Spoofed-Websites\" title=\"Spoofed Websites\">Spoofed Websites<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Fraudulent-Mobile-Apps\" title=\"Fraudulent Mobile Apps\">Fraudulent Mobile Apps<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Remote-Desktop-Protocol-RDP\" title=\"Remote Desktop Protocol (RDP)\">Remote Desktop Protocol (RDP)<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Removable-Hardware\" title=\"Removable Hardware\">Removable Hardware<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#How-to-Shut-Down-Attack-Vectors\" title=\"How to Shut Down Attack Vectors\">How to Shut Down Attack Vectors<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#Bottom-Line\" title=\"Bottom Line\">Bottom Line<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"8-Ways-Malware-Gets-on-Your-Device\"><\/span>8 Ways Malware Gets on Your Device<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Malvertising\"><\/span>Malvertising<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Just by surfing the Web, <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware\/\">malware<\/a> can be injected into a system without clicking on any downloads, plugins or intentionally opening any files. Malvertising is one way hackers accomplish that, by injecting malicious or malware-laden advertisements into legitimate online advertising networks and Web pages.<\/p>\n<p>A particularly dangerous example of this comes in the form of ChromeLoader. ChromeLoader is a piece of malware that can hijack users\u2019 browsers to redirect them to pages full of ads. The malware <a href=\"https:\/\/blogs.vmware.com\/security\/2022\/09\/the-evolution-of-the-chromeloader-malware.html\" target=\"_blank\" rel=\"noopener\">recently evolved<\/a> into a more dangerous form thanks to variants that can inject users\u2019 devices with <a href=\"https:\/\/www.esecurityplanet.com\/threats\/what-ransomware-attackers-look-for\/\" target=\"_blank\" rel=\"noopener\">ransomware<\/a> like <a href=\"https:\/\/www.pcrisk.com\/removal-guides\/10556-enigma-ransomware\" target=\"_blank\" rel=\"noopener\">Enigma<\/a>.<\/p>\n<p>A good defense against malvertising is the use of ad blockers on your preferred web browser. While many legitimate websites, such as for digital news, ask users to shut off their ad blockers, a good ad blocker can be an excellent way to filter out a lot of malvertising content. Additionally, enabling click-to-play plugins will block malvertising that uses Java or Flash from playing unless you directly click on them.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Spear-Phishing\"><\/span>Spear Phishing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Spear <a href=\"https:\/\/www.esecurityplanet.com\/threats\/phishing-attacks\/\" target=\"_blank\" rel=\"noopener\">phishing<\/a> is one of the most common email attack vectors, where attackers disguise themselves as other employees such as your CEO or legitimate entities in an attempt to steal log-in credentials or trick users into sending money. With spear phishing, hackers target organizations for confidential or highly sensitive data. When aimed at higher-level employees like the CEO, it&#8217;s called <em>whaling<\/em>.<\/p>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/threats\/qr-code-security-problem\/\" target=\"_blank\" rel=\"noopener\">QR codes<\/a> have become a potent new vector for spear phishing attacks. By embedding a malicious QR code in an otherwise innocuous-looking email, scammers have found another way to trick users into handing over their sensitive information. A <a href=\"https:\/\/windowsreport.com\/microsoft-365-email-qr-code-phising\/\" target=\"_blank\" rel=\"noopener\">2021 spear phishing campaign<\/a> spoofed legitimate-looking Microsoft Office 365 emails by offering users a QR code to access missed voicemail messages. When victims used the code, they were taken to a page which asked for their login credentials which were promptly stolen.<\/p>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/cybersecurity-training\/\" target=\"_blank\" rel=\"noopener\">Employee training<\/a> can be a big help when dealing with spear phishing. Good training allows users to better spot some of the hallmarks of spear phishing attempts, such as a sense of urgency in the messages and imitating legitimate email addresses.<\/p>\n<p><strong>Want to Protect Yourself Against Phishing and Other Email Threats? Take a Look at <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-secure-email-gateways\/\" target=\"_blank\" rel=\"noopener\">Top Secure Email Gateway Solutions for 2022<\/a><\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Web-Trojan-Download\"><\/span>Web Trojan Download<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A pattern has developed with Chrome extensions, WordPress plugins and the like; software that starts out safe is turned into malware, either through exploitation or a software update. The initial download of the legitimate software is used as a Trojan horse. When a user installs third-party software, it\u2019s impossible for existing security mechanisms to detect if it\u2019s malware or not.<\/p>\n<p>A recent example of this malicious behavior was revealed this year by <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users\/\" target=\"_blank\" rel=\"noopener\">McAfee<\/a>, which reported that a number of popular Chrome extensions had potentially infected over 1.4 million users with malicious cookies. These extensions included Netflix Party and Netflix Party 2, a pair of extensions that allowed users to sync up movies and shows on the popular streaming service to watch together.<\/p>\n<p>The primary defense against trojans like these is personal vigilance. Avoid downloading software from unwanted sources. Employee training is a possible method for businesses to upgrade their employees\u2019 cybersecurity vigilance.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Weaponized-Documents\"><\/span>Weaponized Documents<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>PDF and Microsoft Office documents such as Word and PowerPoint permeate the Web. This is something that we don\u2019t often notice \u2013 until a critical vulnerability shows up. Popular browsers like Chrome and Firefox contain built-in viewers for PDFs, which enable document viewing to blend seamlessly with the native Web experience. But easy document viewing can come at a price. A simple click, (whether on the Web or in an email), can lead to a document that\u2019s potentially weaponized and laden with malware.<\/p>\n<p>This threat is constantly evolving as well. When Microsoft began blocking macros from running on untrusted files by default, hackers <a href=\"https:\/\/www.esecurityplanet.com\/threats\/hackers-find-alternatives-to-microsoft-office-macros\/\" target=\"_blank\" rel=\"noopener\">found a way around this<\/a> by using compression files like .zip, .rar. or .iso to successfully smuggle the malware-laden files onto your device.<\/p>\n<p>Like with trojans, the best defense against these sorts of documents is personal vigilance. Only open documents from trusted sources.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Spoofed-Websites\"><\/span>Spoofed Websites<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A popular way to inject malware onto devices is by setting up legitimate-looking websites to entice users. This can come in a variety of forms, such as changing a single letter in a legitimate website\u2019s url \u2014 often called typosquatting \u2014 or copying the website\u2019s entire website design and layout but adding malicious links.<\/p>\n<p><a href=\"https:\/\/pesacheck.org\/scam-this-website-offering-goil-fuel-subsidy-is-an-imposter-f51905158c5a\" target=\"_blank\" rel=\"noopener\">Earlier this year<\/a>, hackers impersonated the Ghanian Oil Company, also known as GOIL, with a fake website claiming that users were eligible for government fuel subsidies. After filling out a short questionnaire involving questions about GOIL and basic user information like their age, users were asked to select a prize box, with three opportunities to select the correct box with their prize. If successful, users were asked to fill in their address and share the false promotion via WhatsApp in order to receive their prize, completing the phishing attempt. GOIL alerted their customers to these sorts of scams in an <a href=\"https:\/\/www.facebook.com\/GOIL.Official\/posts\/pfbid0cr3jN91e5rxGugfJkiJNv3HcjQRvNXaBgcrzYQuhvkvA8iQnDjkkMoXtcEN7DmY1l\" target=\"_blank\" rel=\"noopener\">August 2022 Facebook post<\/a>.<\/p>\n<p>The best defense against spoofed websites is personal vigilance. Be aware of where the links you are clicking are sending you and, if the website is impersonating a legitimate entity like the Ghanian Oil Company, try contacting the entity first before clicking on any links related to the suspicious website. A good <a href=\"https:\/\/www.esecurityplanet.com\/products\/antivirus-software\/\" target=\"_blank\" rel=\"noopener\">antivirus program<\/a> can also help ward off some of the malware found on spoofed websites.<\/p>\n<p><strong>Want to Learn More About How Scammers Are Getting Ahold of Your Data? Check Out <a href=\"https:\/\/www.esecurityplanet.com\/trends\/how-scammers-steal-your-data\/\" target=\"_blank\" rel=\"noopener\">The Scammers\u2019 Playbook<\/a><\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Fraudulent-Mobile-Apps\"><\/span>Fraudulent Mobile Apps<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Much like the malicious Chrome extensions and WordPress plugins mentioned above, mobile apps are a dangerous vector for malware. Whether by impersonating popular apps, implementing hidden ads, keylogging, or other techniques, mobile apps possess a number of methods to infect users\u2019 devices. These sorts of apps are nothing new, however, and they typically don\u2019t end up on the Google Play Store or the Apple App Store, the two most popular app marketplaces.<\/p>\n<p>However, an ad fraud campaign, known as <a href=\"https:\/\/www.humansecurity.com\/newsroom\/human-discovers-and-disrupts-ad-fraud-scheme-impacting-89-apps-with-more-than-13-million-downloads-from-google-play-and-apple-app-stores\" target=\"_blank\" rel=\"noopener\">Scylla<\/a>, had managed to get 80 fraudulent apps onto the Google Play Store and 9 apps onto the Apple App Store, resulting in over 13 million downloads as of this writing. Scylla was first discovered in 2019 but is still ongoing. However, HUMAN Security\u2019s Satori Threat Intelligence and Research Team has been working with Google, Apple, and other relevant parties to disrupt the campaign.<\/p>\n<p>Like other infection vectors that rely on fakery and <a href=\"https:\/\/www.esecurityplanet.com\/threats\/social-engineering-attacks\/\" target=\"_blank\" rel=\"noopener\">social engineering<\/a>, one of the best defenses against fraudulent mobile apps is to remain vigilant. Make sure the apps you download come from legitimate sources and verify with those sources that they are selling this app on the app store. Also, be sure to report fraudulent apps you spot on the store, in order to help protect other users.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Remote-Desktop-Protocol-RDP\"><\/span>Remote Desktop Protocol (RDP)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/secure-access-for-remote-workers-rdp-vpn-vdi\/\" target=\"_blank\" rel=\"noopener\">Remote Desktop Protocol (RDP)<\/a> is what allows two computers to connect with one another via a network. Though developed by Microsoft for Windows, the technology is widely-used and has clients for most popular operating systems, including Linux, MacOS, Android, and iOS.<\/p>\n<p>Unfortunately, RDP is sometimes found vulnerable for exploitation by hackers on older or poorly protected systems, and once they gain access to a computer via RDP, they can inject malware or steal files from the victim\u2019s machine without much trouble.<\/p>\n<p>A growing genre of cybercriminal known as Initial Access Brokers (IABs) have begun making their ill-gotten gains off selling access credentials to RDP and other corporate services like content management systems or company VPNs. These credentials are then used by hackers to implement ransomware attacks on company devices.<\/p>\n<p>RDP, being such a widely and legitimately-used technology, is a difficult infection vector to protect against. However, in cases where hackers are exploiting vulnerabilities on older systems, keeping your system up-to-date will ensure that these vulnerabilities are more difficult to use against you.<\/p>\n<p><strong>Struggling With Ransomware? Check Out Our <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-ransomware-removal-tools\/\" target=\"_blank\" rel=\"noopener\">Guide to the Best Ransomware Removal Tools<\/a><\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Removable-Hardware\"><\/span>Removable Hardware<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Finally, removable hardware like flash drives are a viable vector for malware. While remote methods like spear phishing are more common, there is still a danger whenever a user plugs an unknown flash drive into their machine. These flash drives can then inject a variety of malware, such as keyloggers, to get ahold of their data.<\/p>\n<p>If using a device in public spaces, users should also be wary of public USB chargers found at libraries, caf\u00e9s, or airports, as hackers can utilize these to steal data and infect user devices in a practice known as \u201cjuice jacking.\u201d<\/p>\n<p>While simply not plugging unknown flash drives into a device is part of preventing this sort of attack, malware infection via USB is so quick that briefly unattended devices can be vulnerable to attack as well if a hacker is opportunistic enough. When leaving a device unattended in a public space for any reason, we recommend disabling USB ports until you return to your device.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How-to-Shut-Down-Attack-Vectors\"><\/span>How to Shut Down Attack Vectors<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Data breaches and malware attacks are costing enterprises <a href=\"https:\/\/www.comparitech.com\/antivirus\/malware-statistics-facts\/\" target=\"_blank\" rel=\"noopener\">millions of dollars each year<\/a>, and that number won\u2019t slow down any time soon. Security detection mechanisms look for a finite set of malware patterns, but the number of variations is infinite and impossible to effectively track.<\/p>\n<p>Advanced methods like heuristics, <a href=\"https:\/\/www.esecurityplanet.com\/applications\/behavioral-analytics-cybersecurity-does-it-work\/\" target=\"_blank\" rel=\"noopener\">behavioral analytics<\/a>, or machine learning can detect changes in behavior that can signify malware infection. However, they\u2019re far from foolproof, and infection can still occur even with the best cybersecurity solutions and <a href=\"https:\/\/www.esecurityplanet.com\/products\/cybersecurity-training\/\" target=\"_blank\" rel=\"noopener\">employee training<\/a> on the market. For that reason, secure, <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-backup-solutions-for-ransomware-protection\/\" target=\"_blank\" rel=\"noopener\">isolated data backup<\/a> should be part of every cyber defense system.<\/p>\n<p>Rather than focus on creating signatures for the millions of different malware variants \u2013 which is virtually impossible \u2013 security solutions should focus on the attack vectors, the paths attackers and malware follow to break into computer and IT systems. Even though there are infinite strains of malware, there are only a handful of vectors, some of which include surfing the Web, phishing emails, Trojan downloads and malicious documents such as portable document formats (PDFs).<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Bottom-Line\"><\/span>Bottom Line<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Despite the growing sophistication, infection vectors stay constant. Every breach starts out with the same vectors, and the two largest buckets encompass Web and email. The only difference is what the malware does post-breach. If we are to begin to truly combat malware, we need to start by securing the attack vectors.<\/p>\n<p><strong>Looking For New Ways to Protect Your Business\u2019s Data? Check Out <a href=\"https:\/\/www.esecurityplanet.com\/products\/ndr-network-detection-response\/\" target=\"_blank\" rel=\"noopener\">Top Network Detection &amp; Response (NDR) Solutions<\/a><\/strong><\/p>\n<p><em><strong>NOTE:<\/strong> This article was originally written in April 2016 by Kowsik Guruswamy and updated by Zephin Livingston in December 1, 2022.<\/em><\/p>\n\n\n<div id=\"ta-campaign-widget-66d702343df9d-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d702343df9d\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d702343df9d\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d702343df9d\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d702343df9d\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d702343df9d\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d702343df9d\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Malware can unleash devastating attacks on devices and IT systems, resulting in the theft of sensitive data and money, destruction of hardware and files, the complete collapse of networks and databases, and more. Understanding the attack paths malware uses to invade your systems is important for setting up defenses to stop it. Email and the [&hellip;]<\/p>\n","protected":false},"author":305,"featured_media":25395,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[31964,3146,1146,2478,6698],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[378,377,379],"class_list":["post-1468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-computer-virus","tag-flash","tag-malware","tag-ransomware","tag-spear-phishing","b2b_audience-awareness-and-consideration","b2b_product-endpoint-security","b2b_product-gateway-and-network-security","b2b_product-threats-and-vulnerabilities"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How You Get Malware: 8 Ways Malware Creeps Onto Your Device<\/title>\n<meta name=\"description\" content=\"Learn how malware is distributed and weak points that you can fix to protect your business from suffering a malware attack.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How You Get Malware: 8 Ways Malware Creeps Onto Your Device\" \/>\n<meta property=\"og:description\" content=\"Learn how malware is distributed and weak points that you can fix to protect your business from suffering a malware attack.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-01T08:10:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-26T21:02:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"1400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Zephin Livingston\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zephin Livingston\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\"},\"author\":{\"name\":\"Zephin Livingston\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/c520ead1fedb2794b5fccfeb93b4c97f\"},\"headline\":\"How You Get Malware: 8 Ways Malware Creeps Onto Your Device\",\"datePublished\":\"2022-12-01T08:10:00+00:00\",\"dateModified\":\"2023-10-26T21:02:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\"},\"wordCount\":1908,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg\",\"keywords\":[\"computer virus\",\"Flash\",\"malware\",\"ransomware\",\"spear phishing\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\",\"name\":\"How You Get Malware: 8 Ways Malware Creeps Onto Your Device\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg\",\"datePublished\":\"2022-12-01T08:10:00+00:00\",\"dateModified\":\"2023-10-26T21:02:41+00:00\",\"description\":\"Learn how malware is distributed and weak points that you can fix to protect your business from suffering a malware attack.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg\",\"width\":1400,\"height\":1400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How You Get Malware: 8 Ways Malware Creeps Onto Your Device\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/c520ead1fedb2794b5fccfeb93b4c97f\",\"name\":\"Zephin Livingston\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-28465_HH-73858175_Zephin_Livingston_20220826_1407190_editor_faharia-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-28465_HH-73858175_Zephin_Livingston_20220826_1407190_editor_faharia-150x150.jpg\",\"caption\":\"Zephin Livingston\"},\"description\":\"Zephin Livingston is a content writer for eSecurityPlanet with years of experience in multiple fields including cybersecurity, tech, cultural criticism, and media literacy. They're currently based out of Seattle.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/zephin-livingston\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How You Get Malware: 8 Ways Malware Creeps Onto Your Device","description":"Learn how malware is distributed and weak points that you can fix to protect your business from suffering a malware attack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/","og_locale":"en_US","og_type":"article","og_title":"How You Get Malware: 8 Ways Malware Creeps Onto Your Device","og_description":"Learn how malware is distributed and weak points that you can fix to protect your business from suffering a malware attack.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/","og_site_name":"eSecurity Planet","article_published_time":"2022-12-01T08:10:00+00:00","article_modified_time":"2023-10-26T21:02:41+00:00","og_image":[{"width":1400,"height":1400,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg","type":"image\/jpeg"}],"author":"Zephin Livingston","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Zephin Livingston","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/"},"author":{"name":"Zephin Livingston","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/c520ead1fedb2794b5fccfeb93b4c97f"},"headline":"How You Get Malware: 8 Ways Malware Creeps Onto Your Device","datePublished":"2022-12-01T08:10:00+00:00","dateModified":"2023-10-26T21:02:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/"},"wordCount":1908,"commentCount":0,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg","keywords":["computer virus","Flash","malware","ransomware","spear phishing"],"articleSection":["Networks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/","url":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/","name":"How You Get Malware: 8 Ways Malware Creeps Onto Your Device","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg","datePublished":"2022-12-01T08:10:00+00:00","dateModified":"2023-10-26T21:02:41+00:00","description":"Learn how malware is distributed and weak points that you can fix to protect your business from suffering a malware attack.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/10\/pexels-sora-shimazaki-5935787.jpg","width":1400,"height":1400},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-you-get-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How You Get Malware: 8 Ways Malware Creeps Onto Your Device"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/c520ead1fedb2794b5fccfeb93b4c97f","name":"Zephin Livingston","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-28465_HH-73858175_Zephin_Livingston_20220826_1407190_editor_faharia-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-28465_HH-73858175_Zephin_Livingston_20220826_1407190_editor_faharia-150x150.jpg","caption":"Zephin Livingston"},"description":"Zephin Livingston is a content writer for eSecurityPlanet with years of experience in multiple fields including cybersecurity, tech, cultural criticism, and media literacy. They're currently based out of Seattle.","url":"https:\/\/www.esecurityplanet.com\/author\/zephin-livingston\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/1468"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/305"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=1468"}],"version-history":[{"count":2,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/1468\/revisions"}],"predecessor-version":[{"id":32620,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/1468\/revisions\/32620"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/25395"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=1468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=1468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=1468"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=1468"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=1468"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=1468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}