The Washington Post | Democracy Dies in Darkness

Malware developers are betting you’ll be fooled by the ‘Donald Trump Screen of Death’

The people who make malicious programs are increasingly using political names and images to attract victims.

November 12, 2019 at 3:40 p.m. EST
Researchers at Cisco Talos say malware developers are increasingly using political words and images to target their victims. Shown here is the malware known as the "Donald Trump Screen of Death." (Cisco Talos Intelligence)

Malicious software makers are increasingly turning to a new target to get you to click: your favorite politician.

The “Donald Trump Screen of Death” or a dancing Hillary are just some of hundreds of politically themed malware programs that are circulating on the Internet, Cisco Talos cybersecurity experts said in a blog post last week. The programs vary in severity, from a nuisance that can be clicked away to malware that can hack a corporate network.

It’s the latest iteration in our political world, preying on a partisan population that expects people to click according to their views, experts say. It also draws upon the already popular nature of sharing memes and other potentially biased information on social media.

“No one really fact-checks a meme — that would be pretty silly — so information can be shuttled in the same sort of way,” said Heather Suzanne Woods, an assistant professor at Kansas State University and co-author of the book “Make America Meme Again: The Rhetoric of the Alt-Right.”

As the 2020 presidential election draws near, cybersecurity and social media experts are worried about the potential fallout related to a divided country. Already, Russia and other foreign nations have been working to take advantage of bias with disinformation campaigns, something they did during the 2016 election, too.

Malware is banking on a similar bias, experts say, incorporating political names and images to try to get people to click.

While malware has used these tactics for years, election season is a little like the holidays, when malicious software creators try to target those in the holiday spirit via email or a social media link, says Craig Williams, director of outreach at Cisco Talos, the threat intelligence division of the technology conglomerate.

“Everybody wishes they had a little more money, so you see lots of payday loan and mystery shopping scams,” Williams says. With an election approaching for a divided country, he says, they see yet another marketing opportunity.

But those clicks come at a cost. Malware can be used to extort money or hack into a network. It can also install a havoc-wreaking update.

Even malware that appears to just be obnoxious can sometimes mask a more nefarious purpose. Danny O’Brien, director of strategy for the Electronic Frontier Foundation, a civil liberties group, says malware-infected devices can be used for a wide range of criminal activities. A program that allows access to an individual’s contact list can create fodder for a “spear-phishing” campaign, like the one that preceded the hacking of Democratic Party networks in 2016. Hackers used official-looking emails to steal passwords from staff members and eventually access opposition-research material.

And they’re targeting victims across the political spectrum. Cisco Talos researchers identified an “Obama Injector” that inserts code into a victim’s device to hide a hacker’s actions. “Putin Lockware 2.0” creates a screen that is difficult for the user to exit and demands a ransom payment in exchange for removal of the program. There’s also “Dancing Hillary,” which allows the user to control a dancing Hillary Clinton animation, though the purpose of the program is unclear.

The malware creators were not immediately identifiable, Cisco Talos said. In some cases, researchers said, the creators left “false flag” clues in an apparent attempt to misdirect investigators to nation-states or known cybercrime rings.

O’Brien says malware with such an exaggerated political focus is far more likely to be authored by petty thieves than a sophisticated state-sponsored agent. Still, such programs can have a negative impact on the political process regardless of the intent of the creator, since people are quick to blame the other party.

“What national experts in the previous election saw was that removing trust in the process itself was as important a goal as steering people to a particular candidate,” O’Brien said.