What’s a Zero-Click Exploit & Zero-Click Malware?

What’s a Zero-Click Exploit & Zero-Click Malware?

1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 5.00 out of 5)

Zero-click attacks are causing trouble for even the most vigilant tech users and corporations these days. So, let’s explore zero-click exploits and zero-click malware to better understand these attacks and why they’re such an concern

People are becoming increasingly tech-savvy. Most of us employ caution while opening any suspicious links, messages, or attachments. But there’s one special type of attack that can hack your device without you doing anything or making a security slip-up. It’s called a zero-click attack. Zero-click attacks typically involve one or both of the following:

  1. Zero-click exploits
  2. Zero-click malware programs

In this article, we’ll discuss both these components — zero-click exploits and zero-click malware — in detail to understand what they are and how they contribute to zero-click attacks.

What Is a Zero-Click Exploit? A Look at How Zero-Click Attacks Begin

An illustration of zero-click malware on a mobile device
An illustration of a smartphone that’s infected with zero click malware after a zero-click exploit was used to an attacker’s advantage.

As the name implies, a zero-click exploit is a type of cyber attack method bad guys use to penetrate the target device on a trial-and-error basis without requiring any actions (i.e., clicks) from the user. Basically, it’s code that executes a malicious payload as soon as a weak spot is found in the system. For example, an exploit could take advantage of a programming or design error in an application or system.

In general, an exploit is a weak area in a system and uses it as an entry point to deliver malware or execute a cyberattack. Regular exploits need the victim to do something — like clicking a link or installing corrupt software — for the exploit to work and the malware to install. Zero-click exploits, on the other hand, don’t require any such action from users.

A zero-day, zero-click exploit uses malicious code that takes advantage of an as-yet-undiscovered vulnerability in a system and doesn’t require user action. More commonly, hackers use zero-click exploits targeting known but unfixed vulnerabilities, which are often listed on public platforms, to use as a means of deploying zero-click malware. They also target people who are using an outdated version of the software.

Hackers use the same skills and tools as penetration testers and other threat hunters. But what sets them apart is that they look for weak areas where they can execute malicious software or code even without any triggers or engagement by the targeted user.

What Is Zero Click Malware?

Zero click malware means a malicious program or string of code that takes advantage of a zero-click exploit to enter your device (even if you haven’t clicked on or downloaded it). For example, you might get a text message containing zero-click malware. Even if you don’t open the message or click any links in it, the malware will infect your smartphone.

Zero click malware can be a virus, worm, trojan, spyware, or ransomware. This malware generally works silently in the background, so the victims don’t suspect anything wrong until it’s too late. Zero click malware can directly attack your device or be delivered through an exploit.

The Difference Between Zero-Click Exploit and Zero-Click Malware

There’s a difference between zero-click exploit and zero-click malware.

  • A zero-click exploit is designed to find and use vulnerabilities and bugs in a system without the active involvement of the victim. The exploit itself doesn’t contain any malicious code. Zero-click exploits can deliver regular malware and zero-click malware.
  • Zero-click malware is the malicious code or program itself that’s designed to infect devices and execute destructive commands without requiring users to click on or do anything. This differs from regular malware that needs an action to be activated (triggered) by the user. Zero-click malware also works autonomously and silently in the background without any warnings; regular malware also often have signs of infection like slowing down the device, screen-freezing, and opening up unknown programs automatically.

A Real World Example of a Zero-Click Exploit: FORCEDENTRY

A recent example of a zero-click exploit is FORCEDENTRY. It is a zero-click exploit developed by the NSO Group to deliver Pegasus spyware, which clients use to spy on victims. Clients provide names and phone numbers of the person they want to spy on and the NSO group uses FORCEDENTRY to find a security vulnerability on the target’s iPhone and deliver Pegasus spyware using Apple’s iMessages.

The good news, at least, is that this iMessage-based zero-click exploit for iPhones has now been patched. However, its impact won’t soon be forgotten. Google’s Project Zero (GPZ) team described this particularly effective remote code execution as both “incredible” and “terrifying.”

Note: FORCEDENTRY is designed for iPhones but Pegasus spyware is delivered using various different exploits in Android phones as well.

Am I at Risk of a Zero Click Attack?

Hackers have been using zero-click malware for many years for all kinds of nefarious activity, including stealing credentials, monitoring victims’ actions, and executing ransomware attacks. So, yes, you could certainly be a victim of a zero-click attack. Unfortunately, no matter how vigilant you are, a zero click attack can infect your system as soon as it is delivered on your device, and you probably won’t even notice.

According to the GPZ team: “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it’s a weapon against which there is no defense.”

However, because an ounce of prevention is better than a pound of cure, here are a few things you can do to minimize the risk or impact of malware infections and to reduce your risk of falling prey to zero-click exploits:

  • Keep your systems and apps updated. Keep applications, operating systems, and all other digital components on your device updated. Never procrastinate installing a patch version. It can save you from a wide range of cyberattacks, including zero-click malware (once a fix has been released).
  • Delete unknown and unused apps. If you have apps on your device that you no longer use (and may not update), then those apps can become weaknesses in your security defense’s armor that bad guys can exploit. This is why it’s important to periodically go through your device and uninstall any unused or unknown apps.
  • Use antivirus and antimalware programs. Regularly scan your device with strong antivirus and antimalware software. Also, use other internet safety tools such as firewall, security extensions for Chrome and add-ons for Firefox.
  • Maintain multiple current backups of your data. Always takes backup in the cloud storage platform or a separate detachable hard drive or USB pen drive. While this isn’t so much a prevention method, it helps to mitigate the impact of your device becoming compromised. If malware corrupts your data, you can use your backups to restore it.
  • Get professional help from cybersecurity experts: If you think your data is getting leaked or your device is showing any signs of hacking, get your device inspected by a security professional as soon as possible.   

Summary of Zero Click Exploits and Malware

Any attacks executed using a zero-click malware or zero-click exploit (or both) are known as zero-click attacks. Here, the payload gets executed in the victim’s device even if they haven’t clicked anything or installed the malware intentionally. The zero-click exploit aims to take advantage of security loopholes (vulnerabilities) that exist in the targeted victim’s device and deliver the malicious payload.

Zero click malware is malicious code designed to follow destructive commands. Once delivered to the device, it doesn’t need any action from users to activate. It starts working in the background without any obvious signs.

The best way to mitigate such threats is to regularly install the updated versions of all your hardware and software components as soon as patches and updates are available.

About the author

Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.