A dropper is a program that helps deliver malware to a victim’s computer. They are generally made to contain code that can extract other files that are harmful to a user’s device and launch ransomware, spyware, and other forms of malware. They are most commonly associated with trojans because they pose as an application that would be valuable or beneficial to the end user, encouraging them to download the malicious file. A dropper is a useful tool for malicious actors because it can contain multiple malicious programs that can launch once downloaded, and this allows for both better attacks and obfuscation.
Dropper Spread
Droppers add an extra layer to a malware attack that helps avoid security features that would normally detect malicious code as soon as it is downloaded. They often get delivered to users via familiar methods, such as phishing attacks, drive-by downloads, and malicious links. They will also be included in downloadable programs that users will seek out from less reputable websites – adblockers and pirated media being prime examples. Due to their ability to better avoid security tools, malicious actors have used droppers in long-term attack strategies that allow them to leverage how easy it can be to hide a dropper and its malware once it has been downloaded by a user.
Hiding a Dropper
During an attack that utilizes a dropper, it sometimes isn’t enough for a user to just download the program for the attack to begin. Device and software vulnerabilities can be leveraged to automatically launch a dropper on an infected device, executing a full attack immediately. A dropper will attempt to mask itself as a valid computer program or legitimate file that someone wanted to download, making it harder to detect even if the malicious file is hiding in plain sight. Droppers can also be persistent, meaning they will reinstall themselves if a user finds them and tries to uninstall the application manually. Conversely, nonpersistent versions will uninstall themselves after they deliver their intended payload.
Mitigation Strategies
Despite the fact that droppers are more easily hidden than other forms of malicious code, they can be mitigated with the right training and adherence to best practices. Businesses should implement email filtering and other inbox-related security solutions to better catch them before they are downloaded. Endpoint protection and network detection and response services can also be implemented to better detect and respond to the suspicious activity associated with attacks involving droppers and better secure the network. In the event of a successful attack, network segmentation and the principle of least privilege can help mitigate network damage before the threat can be removed and the network re-secured.
Summary
Droppers can make cyberattacks extremely effective if employees don’t know to avoid suspicious sites or how to identify potentially malicious emails. This is why SMBs should work with an IT consultant to augment their training and implement the best security services to keep their employees and network safe. Hackers are always changing the strategies they use, and your network security and training should evolve too. Our IT specialists here at Robinett Consulting are ready to provide your business with the advice and security it needs to stay better protected, and we’re offering complimentary consultations to SMBs that want to learn more about how their business can be better protected from malware!
