IT Support Indianapolis 317-497-5500
IT Support Raleigh 919-890-8088
IT Support Atlanta 678-263-4770
IT Support Fairfax 703-344-7760
Request a Quote
JUL 25
What Is Zero-Click Malware?

What Is Zero-Click Malware?

July 25, 2023
You know not to open an email attachment from someone you don’t know. You also avoid downloading unexpected files or questionable popups when you go online. But did you know there’s malware that requires zero action from you? Zero-click malware can infect your device without any interaction on your part.rnrnTraditional malware required the user to click a link, download a file, or execute a program. It often relies on phishing and social engineering to fool you into taking action.rnrnZero-click malware exploits vulnerabilities in your operating system (OS) or applications. It uses carefully crafted, undetected code to access and execute a payload automatically, and there’s no trigger. If one is present on the system you’re using, you’ll navigate right into it.rnrnThis makes zero-click malware attacks all the more dangerous. After all, they happen without your knowledge or consent. Meanwhile, attackers can use zero-click malware to:rn
    rn
  • gain access to sensitive data, such as passwords or financial information;
    • rn
  • take control of your device;
    • rn
  • impersonate you and send out messages on your behalf;
    • rn
  • carry out additional attacks.
    • rn
rn

Understanding zero-click attacks

rnZero-click attacks exploit bugs, misconfigurations, or design flaws in an application or OS. They can come in many forms as attackers:rn
    rn
  • target email applications and messaging apps such as WhatsApp or iMessage;
    • rn
  • build malicious websites;
    • rn
  • hack and infect legitimate websites;
    • rn
  • exploit vulnerabilities in network protocols or services.
    • rn
rnIn one well-publicized example, Amazon CEO Jeff Bezos suffered a zero-click attack. A WhatsApp message compromised his texts, instant messages, and potentially even voice recordings.rnrnAnother well-known attack targeted the WhatsApp accounts of journalists, activists, and human rights defenders in several countries. The attackers installed the Pegasus spyware on the targeted device simply by placing a phone call to the device, even if the user did not answer the call. The malware could extract messages, photos, contacts, and other sensitive data from the device, as well as activate the device's camera and microphone to record the user's surroundings.rn

How to protect against zero-click software

rnProtect against zero-click malware by keeping your device's software up to date. These attacks are often designed to exploit unknown vulnerabilities in software, enabling automatic updates can help ensure you run the latest, most secure software.rnrnAlso, install and use security tools such as antivirus software and firewalls, which help detect and prevent the malware from infecting your device, and remain cautious about clicking on links or downloading files from unknown sources.rnrnFurther reduce your risk by using strong passwords and two-factor authentication. Plus, limit your device exposure to public Wi-Fi networks and unknown devices.rnrnIn case of a zero-click malware or other types of data breach, regularly back up your data, too. Store backups on a separate device that uses strong encryption and two-factor authentication, or use a secure cloud storage service.rnrnNot sure about the strength of your online protections? We can help secure your devices. Give us a call today at 317-497-5500 or contact us here.