What is a Drive-by Download?
A drive-by download refers to the unintentional download of malicious code onto a computer or mobile device that exposes users to different types of threats. Cybercriminals make use of drive-by downloads to steal and collect personal information, inject banking Trojans, or introduce exploit kits or other malware to endpoints, among many others.
What sets this type of attack apart from others is that users need not click on anything to initiate the download. Simply accessing or browsing a website can activate the download.
The malicious code is designed to download malicious files onto the victim’s PC without the user being aware that anything untoward has happened.
Notable Drive-by-Download Attacks
Lurk, a cybercriminal group infamous for their stealthy and
To be protected against drive-by downloads, regularly update or patch systems with the latest versions of apps, software, browsers, and operating systems. It is also advisable to stay away from insecure or potentially malicious websites. Drive-by downloads were observed to be hosted in websites of questionable reputation, or even reputable websites that have been compromised. A reliable and proactive security solution that actively scans websites can help protect endpoints from drive-by downloads and other