What is malware?

Malware is a general term for any software designed to harm computers or computer systems — from viruses and worms to rootkits, spyware, and ransomware. We explain what malware is, how it works, and how best to protect yourself against malware attacks.

What is malware?

Malware, short for “malicious software”, is any file or piece of code designed to harm or gain unauthorized access to a computer or computer network, including your smartphone or tablet — in other words, any software designed with malicious intent.

Almost 40 million new types of malware were detected in the first quarter of 2022, including viruses, worms, Trojans, adware, spyware, and ransomware. But they’re all designed for one thing: to exploit your device or network to benefit whoever created or deployed the malware.

And you no longer need to be a technical whizz to launch a malware attack. Now any rookie cybercriminal can buy and deploy “off-the-shelf” malware. All it takes is a quick search of the Dark Web and a few Bitcoins to pay for it. You can even get malware as a service (MaaS) — complete with your personal online account.

Malware definition

Malware is any file or piece of code designed to harm or gain unauthorized access to a computer or computer network.

What does malware do?

Malware infiltrates or “infects” your computer, laptop, smartphone, or tablet, usually without your knowledge. Depending on the type of malware, whoever deployed it could then:

  • Steal your credit card details or other sensitive personal information
  • Redirect you to pharming websites that trick you into submitting personal information for identity theft
  • Encrypt or lock your computer and demand a ransom to “unlock” it
  • Spy on you and report your activities to third parties, including advertisers, government agencies, or fraudsters
  • Use your computer to launch cyberattacks, such as a denial of service (DoS) attack
  • Exploit your computer to mine Bitcoin or other cryptocurrencies
  • Install software that can track your browsing habits and bombard you with ads

While some types of malware are illegal and can have disastrous consequences, others are legal and just annoying — showing you unwanted ads or slowing down your device.

What are the main types of malware?

People often talk about “viruses” and “malware” as if they’re the same thing. Yet viruses are just one of many types of malicious software.

The most common types of malware can be classified according to how they spread (such as viruses, worms, Trojans, malvertising) or how they behave (like ransomware, spyware, adware, cryptojacking, and rootkits).

Viruses

A virus is malware that spreads from computer to computer or across networks. Like a biological virus, it infects a host program to replicate itself and cause damage.

Worms

A worm is also designed to spread from device to device and cause harm. But unlike a virus, a worm doesn’t need a host program to survive and thrive. It can wreak havoc alone.

Trojans

Trojans, or Trojan horses, are created to look like useful, legitimate software. But once installed, they execute malicious code you don’t expect and can’t control.

For example, a remote access Trojan (RAT), also known as a “backdoor”, gives an attacker full administrative access, allowing them to control your device remotely.

Malvertising

Malvertising, short for “malicious advertising”, is when fraudsters inject ads or ad networks with code to redirect you to a malicious site or install malware. As malvertising may exploit legitimate and even well-known websites, it can be tough to detect.

Ransomware

Ransomware attacks encrypt your device, scrambling your data or locking you out. Criminals then demand a ransom to decrypt or “unlock” it.

Examples of ransomware include CryptoLocker and the notorious 2017 WannaCry attack, which infected computers in over 150 countries and reportedly caused billions of dollars in losses.

Spyware

Spyware collects information about you and sends it to a third party without your consent. While some spyware may be legitimate (as used by employers, law enforcement, or advertisers), other types may steal sensitive personal details for identity theft.

Keyloggers are a particular kind of spyware that records every keystroke you make — ideal for hackers to steal passwords and other personal data.

Adware

Adware is unwanted software that displays ads on your device, often in pop-up windows. It often gets downloaded automatically as the price you pay for “free” software. While not always illegal or malicious, adware can be annoying and slow down your device.

Cryptojacking

Cryptojacking malware, also known as crypto-malware, takes over your device and exploits it to mine Bitcoin or other cryptocurrencies. Designed to operate secretly in the background, crypto-malware shouldn’t damage your device, but it will drain its resources, slowing it down.

Rootkit

Rootkits can give criminals administrator or root access to everything on your device. As rootkits are a kind of fileless malware using built-in tools in your computer’s operating system, they’re particularly difficult to detect.

Hybrid and other malware

In practice, most online threats are a bundle of more than one type of malware. For example, ransomware often uses a Trojan to attack. And others may be polymorphic malware, which can periodically change their appearance to evade detection.

Another generic type is so-called zero-day malware, any malicious software that takes advantage of computer vulnerabilities before they are patched. A recent example is the Microsoft Office zero-day called “Follina”.

There’s also grayware or potentially unwanted programs (PUP), which includes some adware and spyware. Sitting in the gray area between legitimate apps and malware, grayware may not be primarily malicious but can be annoying and compromise your device’s performance and security.

How can you get malware?

The most common ways to get infected with malware are via email (phishing), infected USB drives, or the internet.

Phishing

Phishing is when fraudsters send you spam emails (malspam) or text messages that look legitimate but contain malicious links or attachments. Unexpected messages from your bank, a government agency, your internet service provider, or PayPal could be from fraudsters aiming to trick you. All you need to do is click on the link or download the attachment and you’ll activate the malware or be redirected to a malicious site.

USB drives

You may think a USB stick or external hard drive is blank, but it can be loaded with malware that installs automatically when you plug it in. There are even malicious cables that can record everything you type, including passwords. So beware of any USB device or cables you don’t own — don’t plug them in unless you know where they’re from.

Bundled with app downloads

Legitimate apps can come bundled with malicious code if you don’t download them from an official app store or trusted website. Make sure you only download real apps from genuine sources.

Malvertising

Malvertising uses legitimate ad networks to deliver malicious software, so beware of clicking on digital ads, even on well-known sites. You could get infected or redirected to a malicious site.

WiFi and Bluetooth

Hackers can exploit insecure WiFi networks, such as networks with weak or no passwords, to spread malware. Malware can also spread via Bluetooth by exploiting unpatched vulnerabilities in older versions of operating systems.

Malicious sites

While most malware is delivered by tricking you into taking action (social engineering), you can also get infected simply by visiting a malicious website or even a legitimate site that has been hacked. Click through to one of these sites and you could fall victim to a drive-by download.

In short, you could be exposed to malware whenever you’re online.

Can Macs get malware?

It’s often said that Mac computers “don’t get viruses”. Yet recent reports show that Mac malware is on the rise, and even Apple now publishes advice on protecting your Mac from malware.

Cybercriminals used to focus on Windows machines, as they comprised nearly the whole market. But hackers are increasingly targeting Macs as their popularity and market share grow.

While there’s still far more malware for Windows than for macOS, and macOS attracts mainly PUP and adware, Macs aren’t immune to more serious threats.

Even Linux-based operating systems can be hit by malware, though it remains rare on desktop installations. Linux malware increased by 35% in 2021, mainly targeting distros and builds running the growing Internet of Things (IoT).

Can mobiles get malware?

Although malware has traditionally targeted desktop computers and networks, malware designed for mobile devices is a growing threat. That’s no surprise, as around half of global internet traffic is now mobile.

Like personal computers, phones can be infected when we tap a link in spam emails or text messages or install a malicious app. Kaspersky alone recorded around 3.5 million malicious installations on mobiles last year. Malware can also infiltrate mobiles via Bluetooth or WiFi.

Android malware

Since Android phones make up at least 70% of the global mobile market, Android OS remains the prime target for mobile malware.

Google vets apps in the Google Play Store, but malware still manages to sneak in. One recent example is the Dark Herring “fleeceware” campaign, which hit over 100 million Android phones and may have stolen millions of dollars from users.

iPhone malware

While malware on iPhones and iPads is relatively rare compared to Android devices, iOS and iPadOS are by no means impregnable. Like Google, Apple vets apps in its App Store, but multi-million dollar scams have been found on the platform.

If you “jailbreak” your iPhone — remove its restrictions to install apps bypassing the App Store — you’ll leave yourself even more exposed to malware (and void your device’s warranty).

And if you’re unlucky enough to be targeted by a nation-state with millions to spend, you could fall victim to spyware like Pegasus, which hacked into iPhones without users’ knowledge.

How to detect and remove malware

Although some kinds of malware can lie dormant until triggered or operate invisibly in the background, others manifest themselves in different ways.

Look out for these signs of a malware infection:

  • Device slows down: A dramatic decrease in your computer’s speed could be a sign of malware, such as crypto-malware, hogging its resources.
  • Pop-up ads proliferate: Ads and security warnings popping up all over the place? You could be the victim of adware.
  • Storage space is reduced: Disk space disappeared for no apparent reason? It could be malware expanding to fill the space.
  • Operating system (OS) crashes: While your screen can freeze and OS can crash for a whole host of reasons, if the issue persists, check for malware.
  • Unfamiliar apps are installed: Don’t remember installing that app? It could be a potentially unwanted program or something worse.
  • Antivirus software switches off: If your antivirus program stops working without your intervention, malware could have disabled it to access your device.
  • Browser is modified: New plug-ins, toolbars, or browser settings you didn’t authorize? That could be malware taking over.
  • Contacts get weird messages: Friends receiving emails from you that you didn’t send? Malware could have infected your contacts.
  • Ransom demand appears: If messages like “Your files are encrypted” or “Your computer has been locked” suddenly appear on your screen with a demand for payment, you’ve been hit by ransomware.

If you suspect your device is infected, install good antivirus or malware removal software (if you haven’t already) and run a scan. A scan should discover any malware lurking on your device and remove or quarantine it. Or try running Microsoft Defender, the built-in anti-malware solution, if you’re on Windows.

And if you get that dreaded ransom demand, there are ways to recover from ransomware if you’re prepared. But as always, prevention is better than cure.

How to prevent malware attacks

Malware only works by exploiting computer vulnerabilities and the mistakes we make as users. According to Verizon, over 80% of recent data breaches involved human error.

Protect yourself against malware

Here are some tips to strengthen the security of your devices and help you stay vigilant against malware attacks:

  • Install antivirus or malware removal software: Most good antivirus or internet security software actively scans for all kinds of malware, and many subscriptions cover desktop and mobile OS. Make sure it’s updated with the latest virus/malware definitions.
  • Keep your devices up to date: Update your operating system, browser, browser plug-ins, and other apps to the latest versions with security patches.
  • Use strong passwords and 2FA: Use strong passwords and two-factor authentication to secure your devices and online accounts. And don’t forget your router: set a strong password with WPA2 or WPA3 encryption.
  • Secure your email: Use a secure email provider, like our Proton Mail, which has smart spam filtering to prevent malspam and PhishGuard anti-phishing protection.
  • Beware of suspicious links and attachments: Don’t click on links or download attachments in emails, text messages, or social media from unknown senders. If you use Proton Mail, use our link confirmation feature to verify email links.
  • Install apps from a trusted source: Download apps from official sources, like the Google Play store or Apple’s App Store. And read the download agreement to check you’re not consenting to install grayware (PUP) — apps you don’t need. Avoid downloading software through peer-to-peer (P2P) file sharing or torrenting.
  • Don’t click on digital ads: Avoid clicking on pop-up ads and get an ad-blocker (browser plug-in or standalone app). If you have a paid Proton VPN plan, you can switch on the NetShield (Ad-blocker) to block adware and malware.
  • Delete old apps: Review the apps you have on your devices regularly and remove what you don’t use, especially if they look unfamiliar.
  • Back up often: Make regular backups of your data (including offline backups) in case you get hit by ransomware or other malware that results in data loss.

Protect your business against malware

If you’re running a business, you’ll need to take the same precautions to block malware as you do at home, just scaled up to fit your company:

  • Corporate antivirus: If you have more than a couple of people in your team, consider getting enterprise antivirus/anti-malware software. Advanced corporate antivirus solutions include real-time threat monitoring focusing on endpoint security to secure whole networks.
  • Team cyber hygiene: Train your employees in anti-malware best practices, including how to recognize phishing emails, and block the use of unauthorized USB drives.
  • Passwords and 2FA: Enforce a policy of strong passwords and two-factor authentication on all your team’s devices.
  • Protect critical data: Encrypt your business’s data to prevent data loss in case you get hacked. Consider Proton for Business, which offers end-to-end, zero-access encryption for all your business data.
  • Back up your data: Make regular backups of your company’s critical data, including offline versions, to increase your chances of preserving your data in a ransomware attack.

Final thoughts — update, scan, and beware

From pesky PUP to treacherous Trojans demanding ransoms or stealing your passwords, malware comes in many forms and is constantly evolving.

Remember that even legitimate software can be just plain bad, selling your personal data to the highest bidder or draining your device’s resources. So be careful what you click on — check the fine print before you download and install.

To beat malware, Proton Mail actively checks external incoming email for malspam and includes link confirmation to help you spot phishing. Get a Proton VPN paid plan and you can also switch on NetShield, which blocks malware, adware, and other trackers that slow your device down.

And remember these three takeaways from the tips above to keep malware at bay, whatever device you’re using:

  • Update: Operating systems, antivirus and anti-malware software, browsers, and other apps — set them to update automatically to the latest versions with critical security patches.
  • Scan: Get antivirus software with real-time monitoring and regular system scans for malware, and scan manually if you spot anything suspicious.
  • Beware: Use strong passwords with 2FA and beware of suspicious links and attachments (phishing), unofficial app downloads, file sharing, online ads, and strange USB drives.

In short, to beat malware, update, scan, and beware!
