The Temptation
Jennifer needs Photoshop for a project but doesn't want to pay $20/month. She searches "Photoshop free download" and finds a site offering it for free.
"Score!" she thinks, downloading the file. The installer looks legitimate, asking her to click through some screens. She doesn't notice the checkboxes installing "bonus software."
Three days later, her company's files are encrypted with ransomware demanding $50,000 in Bitcoin.
How Malware Hides in Downloads
Trojanized Software
Legitimate-looking programs bundled with malware. The software works, but so does the hidden payload.
Fake Installers
Download buttons that give you malware instead of the software you wanted.
Bundled Adware
Free software that installs browser hijackers, toolbars, or spyware alongside it.
Cracked Software
Pirated programs that require disabling antivirus - then install malware freely.
Danger Zones
- Torrent sites - No verification, easy to upload malware
- "Free" versions of paid software - If it's too good to be true...
- Random Google results - Attackers use SEO to rank malicious sites
- Email attachments - Even from "known" senders
- USB drives - Found drives are often planted attacks
Safe Download Practices
Go directly to the software vendor's website, not through search results
Malicious sites use lookalike domains: "adobe-free.com" vs "adobe.com"
Uncheck boxes for "bonus" software during installation
IT can provide legitimate licenses and safe installations