Managing a device infected with malicious software.
- Understand what malware is
- Determine if your device may be infected
- Protect yourself from malware
- Deal with an infected device
Isaac notices that the LED on his webcam turns on even when he is not using it. He worries that he has malware.
He fears that someone is remotely controlling his computer and watching him. If Isaac doesn't remove the malware from his device, he is worried that the identity of his sources will be revealed.
Malware exploits access to your device to send out spam, seize banking, email or social media credentials, shut down websites and collect vital information from journalists, human rights defenders, NGOs, activists and bloggers.
Malware works by installing itself on your device when you open a link to a malicious website or open an infected file you have downloaded. After it is installed on your device, it can record keystrokes, steal passwords, take screenshots, record audio, video and more.
Malware is dangerous software that allows an unauthorized takeover of your device by another user. It can be used by the government or a third party to surveil you.
While most malware is designed for and utilized by criminals, people working directly or indirectly for governments have increasingly adopted malware as a tool for surveillance, espionage and sabotage.
With malware, the most important thing you can do is prepare. Refer to the Planning and Preparing unit to learn more about computer hygiene and developing emergency plans.
Malware can threaten your sensitive information
- You opened an attachment or link that you think may have been malicious. Links or attachments are often the cause of malware infections.
- Your webcam LED turns on when you are not using the webcam. This may indicate that your device is being accessed remotely.
- Your accounts have been compromised multiple times, even after you have changed the password. This may indicate that someone has control of your device.
- Your device was seized and then returned. It is possible that your device was infected with malware while it was out of your hands.
- Someone broke into your home and may have tampered with your device. This may indicate that your device was infected with malware during the break-in.
- Some of your personal data has been made public and it could only have come from your personal computer. This may indicate that someone has access to your computer.
- Your group is being targeted by a government, law enforcement, or an actor with equivalent capabilities.
Malicious attachments or links are often the cause of malware
Finding out what has happened to you and who has targeted you may be more important than 'cleaning' your computer. It can be very valuable to gain an understanding of your adversary through letting the attack play out.
If understanding the attacker and the attack is important to you, you must collect and analyse information when a potential malware infection happens. Do this before ‘cleaning’ your computer.
Keep in mind that counter-surveillance is a big investment, is not easy, and might be perceived by an adversary as an escalation. Weigh the risks and benefits carefully and develop a strategy to decide on next steps by reading the Risk Analysis lesson.
Always move all activities to a safe computer if you feel you are under surveillance and read the Seeking Help lesson to learn how.
Do not reveal, through electronic communications or physical behaviour, that you feel you are being surveilled. Read the Secure Communications lesson to learn how.
There are two types of counter-surveillance, covert and overt counter-surveillance. In both cases, the primary aim is to identify whether you are being surveilled, not to lose your adversary.
Covert counter-surveillance means trying to identify your potential adversary without letting them know that you are looking for them. The primary
Overt counter-surveillance means trying to stop or identify your potential adversary by making them aware of what you are trying to do. This is extremely risky and should not be taken lightly.
Be careful around an infected device!
There is no quick fix to clean up malware from your computer. Anti-virus software may be good at protecting your device from common viruses, but it is mostly ineffective against sophisticated attackers.
If you believe you are being targeted, disconnect your device from the internet, turn it off, unplug it, remove the battery from your device and seek the help of a trusted security professional. Refer to your Emergency Plans.
Stop using a device infected with malware