50% OFF

End-of-year offer

View deals

What is malware?

Posted on July 7th, 2022 by in Security.

 

Malware is a general term for any software designed to harm computers or computer systems — from viruses and worms to rootkits, spyware, and ransomware. We explain what malware is, how it works, and how best to protect yourself against malware attacks.

What is malware?
What does malware do?
What are the main types of malware?
How can you get malware?
Can Macs get malware?
Can mobiles get malware?
Android malware
iPhone malware
How to detect and remove malware
How to prevent malware attacks
Protect yourself against malware
Protect your business against malware
Final thoughts — update, scan, and beware

What is malware?

Malware, short for “malicious software”, is any file or piece of code designed to harm or gain unauthorized access to a computer or computer network, including your smartphone or tablet — in other words, any software designed with malicious intent.

Almost 40 million new types of malware were detected in the first quarter of 2022, including viruses, worms, Trojans, adware, spyware, and ransomware. But they’re all designed for one thing: to exploit your device or network to benefit whoever created or deployed the malware.

And you no longer need to be a technical whizz to launch a malware attack. Now any rookie cybercriminal can buy and deploy “off-the-shelf” malware. All it takes is a quick search of the Dark Web and a few Bitcoins to pay for it. You can even get malware as a service (MaaS) — complete with your personal online account.

Malware definition

Malware is any file or piece of code designed to harm or gain unauthorized access to a computer or computer network.

What does malware do?

Malware infiltrates or “infects” your computer, laptop, smartphone, or tablet, usually without your knowledge. Depending on the type of malware, whoever deployed it could then:

  • Steal your credit card details or other sensitive personal information
  • Redirect you to pharming websites that trick you into submitting personal information for identity theft
  • Encrypt or lock your computer and demand a ransom to “unlock” it
  • Spy on you and report your activities to third parties, including advertisers, government agencies, or fraudsters
  • Use your computer to launch cyberattacks, such as a denial of service (DoS) attack
  • Exploit your computer to mine Bitcoin or other cryptocurrencies
  • Install software that can track your browsing habits and bombard you with ads

While some types of malware are illegal and can have disastrous consequences, others are legal and just annoying — showing you unwanted ads or slowing down your device.

What are the main types of malware?

People often talk about “viruses” and “malware” as if they’re the same thing. Yet viruses are just one of many types of malicious software.

The most common types of malware can be classified according to how they spread (such as viruses, worms, Trojans, malvertising) or how they behave (like ransomware, spyware, adware, cryptojacking, and rootkits).

Types of malware, including cryptojacking, rootkit, worm, spyware, Trojan, ransomeware, adware, virus, and malvertising

Viruses

A virus is malware that spreads from computer to computer or across networks. Like a biological virus, it infects a host program to replicate itself and cause damage.

Worms

A worm is also designed to spread from device to device and cause harm. But unlike a virus, a worm doesn’t need a host program to survive and thrive. It can wreak havoc alone.

Trojans

Trojans, or Trojan horses, are created to look like useful, legitimate software. But once installed, they execute malicious code you don’t expect and can’t control.

For example, a remote access Trojan (RAT), also known as a “backdoor”, gives an attacker full administrative access, allowing them to control your device remotely.

Malvertising

Malvertising, short for “malicious advertising”, is when fraudsters inject ads or ad networks with code to redirect you to a malicious site or install malware. As malvertising may exploit legitimate and even well-known websites, it can be tough to detect.

Ransomware

Ransomware attacks encrypt your device, scrambling your data or locking you out. Criminals then demand a ransom to decrypt or “unlock” it.

Examples of ransomware include CryptoLocker and the notorious 2017 WannaCry attack, which infected computers in over 150 countries and reportedly caused billions of dollars in losses.

Spyware

Spyware collects information about you and sends it to a third party without your consent. While some spyware may be legitimate (as used by employers, law enforcement, or advertisers), other types may steal sensitive personal details for identity theft.

Keyloggers are a particular kind of spyware that records every keystroke you make — ideal for hackers to steal passwords and other personal data.

Adware

Adware is unwanted software that displays ads on your device, often in pop-up windows. It often gets downloaded automatically as the price you pay for “free” software. While not always illegal or malicious, adware can be annoying and slow down your device.

Cryptojacking

Cryptojacking malware, also known as crypto-malware, takes over your device and exploits it to mine Bitcoin or other cryptocurrencies. Designed to operate secretly in the background, crypto-malware shouldn’t damage your device, but it will drain its resources, slowing it down.

Rootkit

Rootkits can give criminals administrator or root access to everything on your device. As rootkits are a kind of fileless malware using built-in tools in your computer’s operating system, they’re particularly difficult to detect.

Hybrid and other malware

In practice, most online threats are a bundle of more than one type of malware. For example, ransomware often uses a Trojan to attack. And others may be polymorphic malware, which can periodically change their appearance to evade detection.

Another generic type is so-called zero-day malware, any malicious software that takes advantage of computer vulnerabilities before they are patched. A recent example is the Microsoft Office zero-day called “Follina”.

There’s also grayware or potentially unwanted programs (PUP), which includes some adware and spyware. Sitting in the gray area between legitimate apps and malware, grayware may not be primarily malicious but can be annoying and compromise your device’s performance and security.

How can you get malware?

The most common ways to get infected with malware are via email (phishing), infected USB drives, or the internet.

Phishing

Phishing is when fraudsters send you spam emails (malspam) or text messages that look legitimate but contain malicious links or attachments. Unexpected messages from your bank, a government agency, your internet service provider, or PayPal could be from fraudsters aiming to trick you. All you need to do is click on the link or download the attachment and you’ll activate the malware or be redirected to a malicious site.

USB drives

You may think a USB stick or external hard drive is blank, but it can be loaded with malware that installs automatically when you plug it in. There are even malicious cables that can record everything you type, including passwords. So beware of any USB device or cables you don’t own — don’t plug them in unless you know where they’re from.

Bundled with app downloads

Legitimate apps can come bundled with malicious code if you don’t download them from an official app store or trusted website. Make sure you only download real apps from genuine sources.

Malvertising

Malvertising uses legitimate ad networks to deliver malicious software, so beware of clicking on digital ads, even on well-known sites. You could get infected or redirected to a malicious site.

WiFi and Bluetooth

Hackers can exploit insecure WiFi networks, such as networks with weak or no passwords, to spread malware. Malware can also spread via Bluetooth by exploiting unpatched vulnerabilities in older versions of operating systems.

Malicious sites

While most malware is delivered by tricking you into taking action (social engineering), you can also get infected simply by visiting a malicious website or even a legitimate site that has been hacked. Click through to one of these sites and you could fall victim to a drive-by download.

In short, you could be exposed to malware whenever you’re online.

Computer showing malware alert

Can Macs get malware?

It’s often said that Mac computers “don’t get viruses”. Yet recent reports show that Mac malware is on the rise, and even Apple now publishes advice on protecting your Mac from malware.

Cybercriminals used to focus on Windows machines, as they comprised nearly the whole market. But hackers are increasingly targeting Macs as their popularity and market share grow.

While there’s still exponentially more malware for Windows than for macOS, and macOS attracts mainly PUP and adware, Macs aren’t immune to more serious threats.

Even Linux-based operating systems can be hit by malware, though it remains rare on desktop installations. Linux malware increased by 35% in 2021, mainly targeting distros and builds running the growing Internet of Things (IoT).

Can mobiles get malware?

Although malware has traditionally targeted desktop computers and networks, malware designed for mobile devices is a growing threat. That’s no surprise, as around half of global internet traffic is now mobile.

Like personal computers, phones can be infected when we tap a link in spam emails or text messages or install a malicious app. Kaspersky alone recorded around 3.5 million malicious installations on mobiles last year. Malware can also infiltrate mobiles via Bluetooth or WiFi.

Android malware

Since Android phones make up at least 70% of the global mobile market, Android OS remains the prime target for mobile malware.

Google vets apps in the Google Play Store, but malware still manages to sneak in. One recent example is the Dark Herring “fleeceware” campaign, which hit over 100 million Android phones and may have stolen millions of dollars from users.

iPhone malware

While malware on iPhones and iPads is relatively rare compared to Android devices, iOS and iPadOS are by no means impregnable. Like Google, Apple vets apps in its App Store, but multi-million dollar scams have been found on the platform.

If you “jailbreak” your iPhone — remove its restrictions to install apps bypassing the App Store — you’ll leave yourself even more exposed to malware (and void your device’s warranty).

And if you’re unlucky enough to be targeted by a nation-state with millions to spend, you could fall victim to spyware like Pegasus, which hacked into iPhones without users’ knowledge.

How to detect and remove malware

Although some kinds of malware can lay dormant until triggered or operate invisibly in the background, others manifest themselves in different ways.

Look out for these signs of a malware infection:

  • Device slows down: A dramatic decrease in your computer’s speed could be a malicious actor, such as crypto-malware, hogging its resources.
  • Pop-up ads proliferate: Ads and security warnings popping up all over the place? You could be the victim of adware.
  • Storage space is reduced: Disk space disappeared for no apparent reason? It could be malware expanding to fill the space.
  • Operating system (OS) crashes: While your screen can freeze and OS can crash for a whole host of reasons, if the issue persists, check for malware.
  • Unfamiliar apps are installed: Don’t remember installing that app? It could be a potentially unwanted program or something worse.
  • Antivirus software switches off: If your antivirus program stops working without your intervention, malware could have disabled it to access your device.
  • Browser is modified: New plug-ins, toolbars, or browser settings you didn’t authorize? That could be malware taking over.
  • Contacts get weird messages: Friends receiving emails from you that you didn’t send? Malware could have infected your contacts.
  • Ransom demand appears: If messages like “Your files are encrypted” or “Your computer has been locked” suddenly appear on your screen with a demand for payment, you’ve been hit by ransomware.

If you suspect your device is infected, install good antivirus or malware removal software (if you haven’t already) and run a scan. A scan should discover any malware lurking on your device and remove or quarantine it. Or try running Microsoft Defender, the built-in anti-malware solution, if you’re on Windows.

And if you get that dreaded ransom demand, there are ways to recover from ransomware if you’re prepared. But as always, prevention is better than cure. 

How to prevent malware attacks

Malware only works by exploiting computer vulnerabilities and the mistakes we make as users. According to Verizon, over 80% of recent data breaches involved human error.

Protect yourself against malware

Here are some tips to strengthen the security of your devices and help you stay vigilant against malware attacks:

  • Install antivirus or malware removal software: Most good antivirus or internet security software actively scans for all kinds of malware, and many subscriptions cover desktop and mobile OS. Make sure it’s updated with the latest virus/malware definitions.
  • Keep your devices up to date: Update your operating system, browser, browser plug-ins, and other apps to the latest versions with security patches.
  • Use strong passwords and 2FA: Use strong passwords and two-factor authentication to secure your devices and online accounts. And don’t forget your router: set a strong password with WPA2 or WPA3 encryption.
  • Secure your email: Use a secure email provider, like our Proton Mail, which has smart spam filtering to prevent malspam and PhishGuard anti-phishing protection.
  • Beware of suspicious links and attachments: Don’t click on links or download attachments in emails, text messages, or social media from unknown senders. If you use Proton Mail, use our link confirmation feature to verify email links.
  • Install apps from a trusted source: Download apps from official sources, like the Google Play store or Apple’s App Store. And read the download agreement to check you’re not consenting to install grayware (PUP) — apps you don’t need. Avoid downloading software through peer-to-peer (P2P) file sharing or torrenting.
  • Don’t click on digital ads: Avoid clicking on pop-up ads and get an ad-blocker (browser plug-in or standalone app). If you have a paid Proton VPN plan, you can switch on the NetShield (Ad-blocker) to block adware and malware.
  • Delete old apps: Review the apps you have on your devices regularly and remove what you don’t use, especially if they look unfamiliar.
  • Back up often: Make regular backups of your data (including offline backups) in case you get hit by ransomware or other malware that results in data loss.

Protect your business against malware

If you’re running a business, you’ll need to take the same precautions to block malware as you do at home, just scaled up to fit your company:

  • Corporate antivirus: If you have more than a couple of people in your team, consider getting enterprise antivirus/anti-malware software. Advanced corporate antivirus solutions include real-time threat monitoring focusing on endpoint security to secure whole networks.
  • Team cyber hygiene: Train your employees in anti-malware best practices, including how to recognize phishing emails, and block the use of unauthorized USB drives.
  • Passwords and 2FA: Enforce a policy of strong passwords and two-factor authentication on all your team’s devices.
  • Protect critical data: Encrypt your business’s data to prevent data loss in case you get hacked. Consider Proton for Business, which offers end-to-end, zero-access encryption for all your business data.
  • Back up your data: Make regular backups of your company’s critical data, including offline versions, to increase your chances of preserving your data in a ransomware attack.

Final thoughts — update, scan, and beware

From pesky PUP to treacherous Trojans demanding ransoms or stealing your passwords, malware comes in many forms and is constantly evolving.

Remember that even legitimate software can be just plain bad, selling your personal data to the highest bidder or draining your device’s resources. So be careful what you click on — check the fine print before you download and install.

To beat malware, Proton Mail actively checks external incoming email for malspam and includes link confirmation to help you spot phishing. Get a Proton VPN paid plan and you can also switch on NetShield, which blocks malware, adware, and other trackers that slow your device down.

And remember these three takeaways from the tips above to keep malware at bay, whatever device you’re using:

  • Update: Operating systems, antivirus and anti-malware software, browsers, and other apps — set them to update automatically to the latest versions with critical security patches.
  • Scan: Get antivirus software with real-time monitoring and regular system scans for malware, and scan manually if you spot anything suspicious.
  • Beware. Use strong passwords with 2FA and beware of suspicious links and attachments (phishing), unofficial app downloads, file sharing, online ads, and strange USB drives.

In short, to beat malware, update, scan, and beware!

A long-standing privacy advocate, Harry worked as a translator and writer in a range of industries, including a stint in Moscow monitoring the Russian media for the BBC. He joined Proton to promote privacy, security, and freedom for everyone online.

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN