Skip to main content

Malware Now Hiding Inside Fake Copies Of Online Books

By September 21, 2019May 16th, 2022Cybersecurity

Kaspersky Lab has recently issued a warning that should alarm and dismay students around the world.  Based on the findings of some of the company’s researchers, they’ve discovered a new surge in malware masquerading as legitimate digital textbooks. Given the staggering price of physical textbooks, many students have changed to acquiring digital copies of the books they need.

While the price difference is considerable between the digital and physical copies, penny-pinching students often shop for the best deals possible on the digital copies of the books they’re buying.  Unfortunately, a disturbing percentage of bargain-priced texts are poisoned and used to infect the devices of the students downloading them with a variety of malicious payloads.

Based on Kaspersky’s research, there were in excess of 365,000 attacks last year that relied on malicious documents with educational-related filenames.  Of those, 233,000 of the cases involved poisoned documents downloaded by more than 74,000 people and blocked by the company’s software.

According to a Kaspersky spokesperson, about a third of those files were malware disguised as textbooks, and more than 30,000 users attempted to open them.

The company was able to block an impressive percentage of those types of attacks. However, based on their own numbers, that still means that more than 132,000 infection attempts were successful.  While the attacks were made using a staggering array of malware, the most commonly employed were identified as:

  • MediaGet
  • Agent.gen & Win32.Agent.ifdx
  • The Stalk worm

Of the ‘Big Three,’ the MediaGet downloader is the least harmful, designed to simply download an unnecessary torrent client.  Unfortunately, the other two downloaders, WinLNK.Agent.gen and Win32.Agent.ifdx are capable of dropping all manner of nasty malware onto an infected device.

Stalk is different from these others, being classified as a worm.  Its main goal in life is to spread itself to as many machines as it can and will merrily mail and text itself to the entire contacts list on any infected machine.

The bottom line from Kaspersky is simply this:  Bargain priced digital texts very often have a high hidden cost.  It pays to be wary.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.