Cyber criminals are always looking for different techniques to trick their victims into installing malicious software on their own computers.
And attempting to disguise malware as a video plugin, update or codec is one such popular method.
Imagine the scenario. You visit a website to watch a video and you’re asked that before you can watch, you need to download an update. A pop-up appears asking you to install or download the update, and without it, the video won’t play.
You may very well click download. You do, after all, want to watch the video. Maybe the pop-up looked legitimate. It may have looked like a “flash update” or something equally convincing.
The problem is, that pop-up isn’t going to download an update, plugin or codec for a video player. It’s malware.
Internet browsers won’t allow files to both download and execute to a computer automatically for obvious security reasons (unless a scam is exploiting an un-patched vulnerability.) So scammers have to try and trick victims into giving their permission for harmful files to download. This is one such popular method.
It’s essentially a social engineering trick. Such tricks are techniques scammers use to trick victims into carrying out such actions that will weaken their online security. The social engineering trick here is that they will bait a victim into wanting to watch a video – possibly by reaching out to the victim via email or social email – and then use that against the victim by luring them into downloading harmful files posing as video updates.
An example of such a scam may involve messages shared across sites like Twitter and Facebook that will offer “exclusive videos” of trending events and will link to external, third party websites. Such sites will request you install these “video updates” which are actually malware downloads. To add credibility to the scams, these third party websites may try to replicate popular video websites like YouTube or software companies like Adobe Flash.
Once the malware is installed it can do a whole host of things on your computer, from hijacking your social media accounts to stealing your online banking information. Or worse, it could be ransomware that will encrypt your personal information and hold it to ransom.
Whilst video players often need updates or plugins to continue working you should always know exactly what it is on your computer that is requesting the update and where that update is coming from, before you perform any installation or update.
The easiest way to do this is to only update video players from their official websites where the updates or plugins will be available, and not via third party websites. The most common video player that will need updating is Flash which is owned by Adobe and thus all its updates are available on the Adobe Flash website, or Windows will update it automatically for you. Other players such as Quicktime (Apple only now!) and VLC Player will also have updates available on their official websites as well or the software itself will prompt the update.
Bottom line – never trust links that lead to third party, untrusted websites that, in any way, ask you to update your video player. And make sure your friends know the same thing!
If you think you have installed malware onto your computer by mistake, run a full system scan with your antivirus software straight away.