I got an invitation on my LinkedIn page from a reputable corporate leader to connect with me. As usual, when I get an invite, I like to profile the person to know more about their personality.
As I went through the corporate leader's bio information, I saw an update regarding his company's latest product addition, and I decided to Google search the feature of that additional product for informational purposes only.
The moment I right-clicked the subject and chose Search on Google from the context menu, the anti-threat protection system installed on my computer quickly prompted me with a notification of a potential threat which it had blocked from execution. That propelled my curiosity to investigate the threat.
MY INVESTIGATION:
I picked the details of the threat. Below is the threat analysis information from my Anti-threat protection system:
+++START OF THE DESCRIPTION+++
Event: Download denied
User: YOUNGDESTINYA24\youngd
User type: Initiator
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object path: https://businessday.ng/companies/article/upperlink-expands-international-market-options-for-local-merchants
MD5 of an object: 4EBCDAD15EC7566028F48D7B7034F60A
Reason: Expert analysis
+++END OF THE DESCRIPTION+++
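As an added example (not part of the original post and not code from the protection product's vendor), the script below parses an alert record of the shape shown above into its fields and derives a few triage points from them: whether the object was actually blocked, whether the verdict is a heuristic one, which domain the object was served from, and whether the reported hash is well-formed enough to look up. The record text is the page's own notification; the triage rules are my assumptions about how an analyst would read such a record, not the product's logic.

```python
from urllib.parse import urlparse

# Alert record as reported on the page. The "+++" lines are delimiters, not fields.
ALERT_TEXT = """\
+++START OF THE DESCRIPTION+++
Event: Download denied
User: YOUNGDESTINYA24\\youngd
User type: Initiator
Application name: chrome.exe
Application path: C:\\Program Files\\Google\\Chrome\\Application
Component: Safe Browsing
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan.Script.Generic
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object path: https://businessday.ng/companies/article/upperlink-expands-international-market-options-for-local-merchants
MD5 of an object: 4EBCDAD15EC7566028F48D7B7034F60A
Reason: Expert analysis
+++END OF THE DESCRIPTION+++
"""


def parse_alert(text):
    """Turn the 'Key: Value' lines into a dict.

    Split on the first ':' only, because values such as the object URL
    (https://...) and the detection name (HEUR:...) contain colons themselves.
    """
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("+++"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def triage(fields):
    """Derive analyst-facing facts from the parsed record (assumed rules, not vendor logic)."""
    name = fields.get("Name", "")
    precision = fields.get("Precision", "")
    md5 = fields.get("MD5 of an object", "").lower()
    url = urlparse(fields.get("Object path", ""))

    result = {
        # "Blocked" means the object never reached disk by the record's own account.
        "blocked": fields.get("Result description") == "Blocked",
        # A HEUR: prefix or "Heuristic Analysis" precision marks a generic verdict,
        # which carries less certainty than a signature match on a known sample.
        "heuristic": name.startswith("HEUR:") or precision.lower().startswith("heuristic"),
        "domain": url.hostname,
        "tls": url.scheme == "https",
        "md5": md5,
        # A usable MD5 is exactly 32 hex characters; anything else cannot be looked up.
        "md5_valid": len(md5) == 32 and all(c in "0123456789abcdef" for c in md5),
        "notes": [],
    }

    if result["blocked"]:
        result["notes"].append("Object was blocked before download completed; no execution occurred.")
    if result["heuristic"]:
        result["notes"].append(
            "Generic/heuristic verdict: confirm the MD5 against a reputation source "
            "before concluding the site itself is compromised."
        )
    if result["md5_valid"]:
        result["notes"].append(f"Hash to look up: {md5}")
    if result["domain"]:
        result["notes"].append(f"Object was served from {result['domain']}; record this domain in the case.")
    return result


if __name__ == "__main__":
    parsed = parse_alert(ALERT_TEXT)
    for key, value in parsed.items():
        print(f"{key:20} {value}")
    print()
    for note in triage(parsed)["notes"]:
        print("-", note)
```

Because `partition` is used rather than `split`, the URL and the `HEUR:Trojan.Script.Generic` name survive intact; a naive `split(":")` would truncate both. The `heuristic` flag is the point an analyst most needs from this record: it tells them the verdict is a generic one, so the hash lookup is the next step rather than an immediate conclusion about the publisher's site.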
EXPLANATION:
So, when I clicked the SUBJECT in the context menu and searched on Google, it picked up an article about the subject which was published on a reputable online business magazine, Business Day online. The link to the article is given as: https://businessday.ng/companies/article/upperlink-expands-international-market-options-for-local-merchants
Interestingly, if I were to read more about the subject without paying critical attention to my anti-threat protection system's alert, I would simply click the link and open the article.
If I had done so, without the real-time check of my anti-threat protection system that automatically blocked the transfer of a malicious trojan into my device, I would have downloaded a MALICIOUS TROJAN named HEUR:Trojan.Script.Generic into my device.
My threat protection system defines the trojan script as having very high threat potential, as described under its threat level ranking. It has the ability to install itself on any computer it has been successfully downloaded into because it is an executable browser script: chrome.exe
I PROBED HEUR:Trojan.Script.Generic FURTHER:
I visited: https://malwarefixes.com/threats/heurtrojan-script-generic/
Below is how malwarefixes.com described it:
HEUR:Trojan.Script.Generic is a malicious executable file that can be run on the computer remotely or locally. Once operational, the hackers are able to perform various malicious actions that could further harm the computer. Because of this consequence, immediate removal of HEUR:Trojan.Script.Generic is highly recommended.
In summary:
Trojan horses are malicious scripts authored by hackers and threat actors targeting internet users with the sole aim of taking over control of their computers. They have the ability to escalate system user privileges to Admin and assume full control of your computer system. With Admin rights, the hacker can do anything on your system, including installing keyloggers which can exfiltrate logs of the credentials you have used to log into several platforms such as banks' online websites, social media accounts, online payment systems, etc.
Given the above abilities, you can imagine the enormity of the breaches that could have taken place on my computer had the trojan script successfully executed on my system.
MY RECOMMENDATION:
- Install a premium anti-threat protection system on your computing devices and ensure its detection signature databases are regularly updated.
- Ensure real-time threat detection is switched on in the settings of the threat protection system.
- Before you click open an internet source, be sure you are visiting the right source.
- Website administrators should ensure malware detection systems are installed and enabled at the backend of their websites. Website owners have an even greater responsibility to ensure a safe internet and the protection of their site visitors.
I am your regular Cybersecurity Analyst.
YOUNG. D.