Friday, April 8, 2022: I was at my desk doing homework. I ran my VirtualBox machine and couldn't figure out why it kept giving me errors and shutting down, so I went to the UAT Cyber Studies Discord for troubleshooting help. I explained the errors the VM was giving me and was told (by a fellow NetSec student) to run a few tests: open Task Manager to see whether a service was eating up my RAM and CPU, download Malwarebytes and scan the system for viruses, and do an overall check of the system for anything suspicious.
I ran these tests and found a Chinese screen recording app hiding on the system; it had given itself access to bypass my firewall! Along with that, Malwarebytes found 23 instances of potentially unwanted programs (PUPs) related to Chrome. I posted a picture in the Discord and was immediately told by a professor to reset my computer with a fresh install of Windows, which I did right away.
Here is a picture of the Malwarebytes results:
I know the virus came from Chrome because of the PUPs Malwarebytes showed me. They all had file extensions including "Chrome", "Extensions", and "Settings". My assumption is that our Chrome browser had bad browser extensions that contained malware. I do not know whether the Chinese screen recording service was related to that or something else entirely. Either way, I will be using Firefox on all of my devices now.
The event really rattled me. I learned that even as a NetSec student, I can still miss basic signs of a virus. To be fair, though, it hid itself so well that my computer showed no signs of being infected, other than slowing down a bit.
So what did I learn from this experience? How can this sort of thing be prevented? Three main points came to light.
1.) The default AV (antivirus) software that comes with a computer isn't always enough; invest in a reputable third-party anti-malware product such as Malwarebytes. (Bitwarden is a password manager, not an antivirus. It is worth having, but it won't catch malware.)
2.) It's better to be safe than sorry: routinely scan devices for malware and vulnerabilities.
3.) Don't immediately trust browser extensions. Do research before installing them to make sure they're safe, and look at the permissions they ask for; an extension that wants access to every site you visit deserves a second look.
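The checks described earlier in this post (Task Manager, the firewall rule the recorder added for itself, Chrome extensions, and a routine scan) can be scripted so they are easy to run regularly. What follows is an added PowerShell example, not code from the original post. It assumes Windows 10/11 with the built-in NetSecurity and Defender PowerShell modules, Chrome installed in its default per-user location, and an elevated prompt. The list of "trusted" directories and the list of "risky" extension permissions are my own choices, not anything the post states.

```powershell
# Added example, not from the original post. Quick Windows triage: top processes,
# firewall allow rules for programs outside the Windows/Program Files trees,
# installed Chrome extensions and their permissions, and a Defender quick scan.
# Run from an elevated PowerShell prompt on Windows 10/11.

# 1. What Task Manager shows, but scriptable: top processes by CPU with memory use.
function Get-TopProcesses {
    param([int]$Count = 10)
    Get-Process |
        Sort-Object CPU -Descending |
        Select-Object -First $Count Name, Id, Path,
            @{ n = 'CPUSeconds';   e = { [math]::Round($_.CPU, 1) } },
            @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB) } }
}

# 2. Enabled allow rules whose program lives outside the directories listed in
#    $trusted (my choice of "trusted", assumption). Malware that "lets itself
#    through the firewall" usually does so by adding an allow rule for an
#    executable under the user's profile (AppData, Temp, Downloads).
function Get-SuspiciousFirewallRules {
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    Get-NetFirewallRule -Enabled True -Action Allow | ForEach-Object {
        $rule = $_
        $prog = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($prog -and $prog -ne 'Any' -and $prog -ne 'System') {
            $path = [Environment]::ExpandEnvironmentVariables($prog)
            $inTrusted = $false
            foreach ($t in $trusted) {
                if ($path.StartsWith($t, 'OrdinalIgnoreCase')) { $inTrusted = $true }
            }
            if (-not $inTrusted) {
                [pscustomobject]@{
                    Rule      = $rule.DisplayName
                    Direction = $rule.Direction
                    Profile   = $rule.Profile
                    Program   = $path
                    Exists    = Test-Path -LiteralPath $path   # a rule for a deleted file is itself a clue
                }
            }
        }
    }
}

# 3. Every Chrome extension in every profile, read from its manifest.json, with the
#    permissions I consider worth a second look ($risky is my list, assumption).
function Get-ChromeExtensions {
    $userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
    if (-not (Test-Path $userData)) { return }
    $risky = @('<all_urls>', 'webRequest', 'webRequestBlocking', 'tabs', 'history',
               'cookies', 'nativeMessaging', 'debugger', 'scripting', 'management')
    Get-ChildItem $userData -Directory |
        Where-Object { $_.Name -match '^(Default|Profile \d+)$' } |
        ForEach-Object {
            $profile = $_
            $extRoot = Join-Path $profile.FullName 'Extensions'
            if (-not (Test-Path $extRoot)) { return }
            # <id>\<version>\manifest.json; an id can have more than one version folder
            Get-ChildItem $extRoot -Directory | ForEach-Object {
                $id = $_.Name
                Get-ChildItem $_.FullName -Recurse -Depth 1 -Filter manifest.json | ForEach-Object {
                    try { $m = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json } catch { return }
                    $perms = @($m.permissions) + @($m.host_permissions) | Where-Object { $_ -is [string] }
                    [pscustomobject]@{
                        Profile = $profile.Name
                        Id      = $id
                        Name    = $m.name   # "__MSG_..__" means a localized name; look the Id up in the Web Store
                        Version = $m.version
                        Risky   = ($perms | Where-Object { $risky -contains $_ }) -join ', '
                        Path    = $_.DirectoryName
                    }
                }
            }
        }
}

# 4. Is the built-in AV actually on, what has it caught before, and run a quick scan now.
function Invoke-RoutineScan {
    $status = Get-MpComputerStatus
    "Real-time protection enabled: $($status.RealTimeProtectionEnabled)"
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object -First 10 InitialDetectionTime, ThreatID, ProcessName, Resources |
        Format-Table -AutoSize
    Start-MpScan -ScanType QuickScan
}

Get-TopProcesses            | Format-Table -AutoSize
Get-SuspiciousFirewallRules | Format-Table -AutoSize
Get-ChromeExtensions        | Format-Table -AutoSize
Invoke-RoutineScan
```

Expect some legitimate hits in the firewall list: Discord, Teams and Chrome's own updater install under AppData and add their own allow rules, so the output is a review list, not a verdict. The things to look at are the program path (a random-looking folder under AppData\Local or Temp), whether the file still exists, and whether the rule name matches a program you remember installing. The same goes for extensions: a recognizable name with a broad permission set is normal for an ad blocker, but an unfamiliar id asking for `<all_urls>` plus `webRequest` or `nativeMessaging` is exactly the kind of thing lesson 3 is about. The Defender module is not a substitute for the Malwarebytes scan the post describes; it just lets you check that the default AV is on and see what it has already flagged.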