Searching for textbooks and essays in electronic form on the Internet exposes students to a wide range of malicious attacks as Kaspersky Lab researchers found after analyzing data gathered over the past academic year.
With the back to school season in full force and everyone looking around for the best possible price, some will end up trying their chances on the web instead of paying for educational materials out of their pocket.
While this might look like a bargain at first, it also comes with a lot of dangers seeing that attackers will try their best to infect your computer with malware downloaders that can download and execute banking Trojans and ransomware or with worms capable of quickly spreading to all your contacts and all devices on your network.
More than 365,000 attacks in a year
After taking a closer look at attacks using malicious documents with educational-related filenames and directed at Kaspersky users, the researchers discovered that threat actors targeted potential victims from the educational field over 356,000 times in total over the past academic year.
“Of these, 233,000 cases were malicious essays that were downloaded to computers owned by more than 74,000 people and that our solutions managed to block,” found Kaspersky.
“About a third of those files were textbooks: we detected 122,000 attacks by malware that was disguised as textbooks. More than 30,000 users tried to open these files.”
Out of all types of malicious textbooks the targeted individuals downloaded onto their computers, English, math, and literature were the top most searched for, with 2,080, 1,213, and 870 downloads in total, respectively.
Even though bad actors don’t really care about what malware they infect their victims with as long as they can steal their data or take control of their devices, the most ‘popular’ ones were a MediaGet torrent application downloader, the WinLNK.Agent.gen and the Win32.Agent.ifdx downloaders, and the Stalk worm.
Malware camouflaged as educational material
While the MediaGet downloader will only download and install an unneeded torrent client, the two other downloaders are capable of dropping a huge range of malware strains on the victims’ computers including but not limited to adware, cryptominers, spyware, banking Trojans, and, in the most serious cases, ransomware capable encrypting all their data.
Stalk on the other hand, a worm Kaspersky detects as Worm.Win32.Stalk.a, also uses spam emails to reach its victims’ computers and will immediately attempt to infect any connected USB flash devices and as many devices on the same network as possible.
Furthermore, Stalk can email itself to the victims’ contacts, an effective way of spreading considering that most people won’t think twice before opening an essay or a textbook received from a person they trust, especially if they also need it.
Also, Stalk “can download other malicious applications to the infected device, and also surreptitiously copy and send files from your computer to the malware owners.”
If you do want to search for educational materials using the Internet, be wary of the websites you’re using, always keep your software up to date, and get in touch with people who send you email attachments to confirm that they are indeed the ones who sent them.