15 Types of Malware: What They Are and How to Stay Safe
Hackers, cyberattacks, and ransomware, oh my! Bad actors constantly make headlines by targeting large organizations and vulnerable individuals with computer viruses, ransomware, phishing, and more. These attacks are costly, and experts predict that ransomware attacks alone will cost $265 billion annually by 2031.
Ransomware, however, is just one type of malware that bad actors have at their disposal. There are several types of malware, or malicious software, that typically allow a third party to access your devices, data, and more.
Our list includes 15 different types of malware and provides information on how to prevent attacks, detect malicious software, and mitigate the risks of a malware attack on your organization.
What is malware?
Malware is a catchall term for malicious software. Malware can steal data, monitor user activity, or prevent authorized users from accessing their data or devices. Typically, bad actors leverage malware for financial gain, but they can also use malware to further their agendas. For example, it’s suspected that North Korea performed a politically motivated malware attack against Sony in an attempt to prevent the release of the 2014 film, The Interview.
While all malware is malicious, how each type of malware functions differs. For example, spyware or keyloggers can monitor user activity, capturing sensitive information like passwords or credit card numbers that can be sold or used at a later date. A victim of a spyware attack may not realize that unauthorized users have access to their device for quite some time. Ransomware is much more obvious, as it typically blocks access to a user’s data and demands payment to regain access.
Types of malware also differ in the devices they infect and how they move across networks. Unfortunately, almost every device that can be connected to the internet is vulnerable to malware—yes, even your smart fridge. However, the most common entry points for malicious software onto an individual device or a network of devices are computers and mobile devices, such as smartphones and tablets. By protecting these more vulnerable devices, you can generally keep your entire network secure (and prevent hackers from melting your ice cream by raising the temperature of your freezer).
List of the most common types of malware:
- Viruses: Viruses are the original malware and replicate themselves across infected devices the way a virus replicates itself in a human body.
- Worms: Worms are like viruses in that they replicate across a device or network. Unlike viruses, however, they exploit security vulnerabilities to replicate without human intervention.
- Trojans: Trojans are a type of malware that look like legitimate software. Since they appear to be something that’s supposed to be on the device, they can often go undetected.
- Ransomware: Ransomware is a type of malware that encrypts a user’s data and demands a ransom in exchange for a decryption key. Hospitals are frequent targets of ransomware attacks due to the amount of sensitive data they have on their networks and their reliance on connected devices to provide patient care.
- Spyware: Spyware is exactly what it sounds like—malware that’s intended to spy on a user’s device, and share sensitive data, such as bank information or passwords, with a third party without the user’s knowledge.
- Adware: Adware is a subset of spyware that generates revenue for the creator by forcing the victim to view ads on their device.
- Keyloggers: Keyloggers monitor a user’s keystrokes to capture sensitive data such as passwords or credit card numbers and pass them on to bad actors who can use or sell them.
- Rootkits: Rootkits give bad actors unauthorized access to a user’s device and allow them to install additional types of malware on the device. Rootkits are nefarious because they allow bad actors to disable security measures, such as antivirus software, making them difficult to detect.
- Botnets: Botnets are collections of linked computers on a shared network that are working toward a common purpose. While there are many helpful uses of botnets, bad actors can utilize them to execute distributed denial-of-service (DDoS) attacks.
- Fileless malware: Fileless malware operates within a computer’s memory rather than being stored on the device itself. This allows bad actors to steal data and potentially avoid detection by traditional antivirus tools.
- Cryptojacking malware: Cryptojacking malware is used to hijack a machine’s computing power (or access to cloud computing) in order to mine cryptocurrency for the benefit of a bad actor.
- Scareware: Scareware uses fear tactics to convince people to make panicked or impulsive decisions that ultimately harm them, such as downloading a malicious program or making payments to bad actors.
- Backdoors: Backdoors allow bad actors to circumvent typical access protocols (such as passwords or multi-factor authentication) to gain access to a device. Once they’ve gained access, they can install additional types of malware or use the device for nefarious purposes.
- Logic bombs: Logic bombs are malicious code that executes when certain conditions are met. Malicious insiders with access to sensitive data or systems could implement logic bombs that cause harm to the organization.
- Malware-as-a-Service (MaaS): Malware-as-a-Service works the same way as other service offerings—organizations sell both the code and infrastructure required to execute a malware attack.
Types of malware: 15 most common attacks
Now that you’ve gotten a brief overview of the different types of malware, it’s time to go into more detail about how they work, how they’ve been used in the past, and how you can protect yourself from them.
1. Viruses
Viruses are the original malware. They were the first type of malware and are the most well-known type on this list. Viruses infect devices like they infect humans—by attaching themselves to a cell and replicating, except computer viruses attach themselves to programs and replicate across the device, injecting their own code. Instead of an upset stomach or a runny nose, you get slow performance, crashed applications, destroyed files, and more.
Viruses require the user to install the program on their device. While most of us would never intentionally install a virus onto our computer, cybercriminals are clever and use a variety of techniques, such as phishing, to convince unsuspecting users to do just that. Luckily, antivirus software was developed to help organizations and individuals prevent, detect, and remove viruses from their devices and networks.
2. Worms
Like viruses, worms can self-replicate across a device and cause major issues for the end user. Unlike viruses, worms don’t need human intervention to spread. A virus requires that a human installs the software to start infecting/replicating. Once downloaded or otherwise added to a device, a worm will search for a vulnerability that allows it to install itself.
Worms are dangerous because they’re built to exploit the vulnerabilities of an entire network, meaning they can spread from one machine to another, and they can do so quickly. Fortunately, antivirus software can help protect against worms to keep your devices secure.
3. Trojans
Trojans are named for and operate like the mythical Trojan Horse. These pieces of malware disguise themselves as a legitimate file or program, tricking the unsuspecting user into installing it onto their device.
Trojans differ from viruses and worms in that they cannot replicate or infect files on their own. Bad actors utilizing trojans often use similar techniques, including social engineering and phishing, to get unsuspecting users to download and install the malware, often resulting in data loss or unauthorized access.
In 2018, a trojan named Emotet was used to steal financial information, resulting in millions of dollars of damages. Emotet was spread through spam and phishing emails that led unsuspecting users to install it, thinking it was a legitimate application.
4. Ransomware
Ransomware is a favorite of cybercriminals because it’s one of the easiest ways for them to earn substantial sums of money. Once installed on a device, ransomware will begin to encrypt files, preventing users from accessing them, or lock users out of the device entirely. Ransomware can also infect large networks, blocking entire organizations from accessing their sensitive data.
Cybercriminals will then demand a ransom in exchange for the decryption key. Paying the ransom often doesn’t solve the problem, since there is no guarantee that the person on the other end will actually provide the decryption key or that it will work—they are criminals after all.
For a deep dive into ransomware, its history, and more examples of ransomware attacks, check out our blog post.
5. Spyware
Spyware is a type of malware that gathers information from a device and shares it with a third party. Spyware is less likely to have an immediate impact on device performance than something like ransomware, but it’s no less insidious.
Think about all of the sensitive information you type into your smartphone or computer every day: passwords, credit card numbers, bank information, PINs, answers to security questions, and more. Once spyware is installed, it can collect all of this information from your device. Bad actors can either use this data themselves or they can sell it to others, potentially resulting in identity fraud.
6. Adware
Adware is a subset of spyware that could be the source of all of those annoying pop-ups that make you feel like you’re back in the 2000s. While it might be fun to imagine spamming your office nemesis with endless pop-ups and ads for embarrassing products, that’s not why cybercriminals use adware. Adware creates revenue for its creators by allowing them to automatically rake in cash for showing you dubious ads.
Unlike legitimate online advertising, it can be difficult or even impossible to close ads, even after you close your browser. Adware can also crash or slow down your browser, or redirect you to sites you didn’t intend to visit. Most antivirus software includes anti-adware capabilities that can help prevent adware and remove it from your device.
7. Keyloggers
Keyloggers record what a user types on their device. Unlike other forms of malware, there are legitimate uses for keyloggers. Some employers utilize them to monitor their employees and parents might use them to monitor their children’s online activity.
But because we can’t have nice things, most of the time keyloggers are used for malicious purposes. In addition to capturing all of your embarrassing Google searches, keyloggers can capture sensitive information, including passwords and credit card numbers, and share them with malicious actors.
8. Rootkits
Rootkits allow bad actors to gain control of a device or multiple devices on a network. Once they gain access to the device, they can install additional types of malware such as keyloggers or ransomware. Rootkits may also contain the bots necessary to launch DDoS attacks.
Unlike viruses, rootkits typically don’t destroy data or substantially degrade performance, making them difficult to detect. Most antivirus software includes rootkit scans that look for known rootkit behaviors. Still, rootkits are particularly malicious because they enable bad actors to disable antivirus software that could detect suspicious activity.
There are several different types of rootkits that infect different parts of a device, including firmware rootkits, bootloader rootkits, application rootkits, kernel-mode rootkits, and memory rootkits.
9. Botnets
A botnet is a collection of computers that are under the control of the same person or organization. Like keyloggers, botnets can be used for non-nefarious purposes, like performing tasks that require a large amount of computing power or human time. For example, botnets can be used to monitor chat rooms and remove participants who are violating the chat room’s guidelines.
When the person in control of the botnet is a bad actor, they can use the devices for nefarious purposes, such as carrying out DDoS attacks. Botnets can be deployed on a device using rootkits, making it difficult to detect them once the device is under the control of a bad actor.
10. Fileless malware
Fileless malware is malware that’s stored in the computer’s memory rather than being stored elsewhere, such as on the hard drive. Since fileless malware doesn’t have to install code, it modifies tools that are already installed on the device to achieve its goals. Fileless malware can move across multiple systems by stealing credentials after gaining access to a device. Once the bad actors have access, they can steal sensitive data.
Detecting fileless malware is challenging since there’s no malicious file for security software to detect. Instead, security professionals must leverage tools that allow them to monitor the behavior of devices in their network and look for anomalies that could indicate malicious behavior.
11. Cryptojacking malware
Cryptojacking malware allows a bad actor to gain control of a device and use its processing power to mine crypto. Most cryptojacking malware isn’t focused on stealing or destroying data, but rather reallocating the device’s resources to mine crypto and enrich the bad actor. Since the device’s resources are essentially being hijacked, this type of malware can render the device unusable to anyone except the bad actor. Further, this type of malware can increase operating costs due to increased energy consumption and cloud usage.
It’s important to monitor device performance and cloud usage, as unexpected spikes might indicate a cryptojacking attack. Firewall software can also help prevent cryptojacking malware attacks.
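The spike monitoring described above, as an added Python example that is not part of the original article: it compares CPU readings against a known-good baseline and reports only sustained elevation, so a single short burst (a backup job, a build) does not raise an alert. The host names, sample values, sampling interval, and thresholds are constructed assumptions.

```python
from statistics import median

def baseline_stats(samples):
    """Median and median absolute deviation (MAD) of a known-good window."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad

def sustained_spikes(cpu, baseline_len=12, threshold=6.0, min_run=4, mad_floor=1.0):
    """Return (start, end) index pairs of runs of at least min_run consecutive
    samples whose robust z-score against the baseline exceeds threshold.

    Assumption: the first baseline_len samples were taken while the host
    was known to be clean. mad_floor avoids dividing by a near-zero MAD
    on very steady hosts.
    """
    if len(cpu) <= baseline_len:
        return []
    med, mad = baseline_stats(cpu[:baseline_len])
    scale = max(mad, mad_floor)
    runs, start = [], None
    for i in range(baseline_len, len(cpu)):
        high = (cpu[i] - med) / scale > threshold
        if high and start is None:
            start = i                      # a run of elevated samples begins
        elif not high and start is not None:
            if i - start >= min_run:       # keep only sustained runs
                runs.append((start, i - 1))
            start = None
    if start is not None and len(cpu) - start >= min_run:
        runs.append((start, len(cpu) - 1)) # run still in progress at the end
    return runs

def scan_fleet(series_by_host, **kwargs):
    """Map each host with at least one sustained spike to its runs."""
    return {h: r for h, s in series_by_host.items()
            if (r := sustained_spikes(s, **kwargs))}

# Constructed sample data: CPU utilisation (%) at 5-minute intervals.
SAMPLES = {
    # One isolated burst: should not be reported.
    "web-01": [12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 12, 14,
               13, 88, 14, 15, 12, 16, 13, 14],
    # Half an hour pinned near 100%: should be reported.
    "build-02": [20, 22, 19, 21, 23, 20, 22, 21, 19, 20, 22, 21,
                 21, 23, 96, 97, 95, 98, 97, 96, 22],
}

if __name__ == "__main__":
    for host, runs in scan_fleet(SAMPLES).items():
        print(host, runs)
```

The same check applies to cloud usage or billing metrics in place of CPU readings. A flagged run is a prompt to investigate which process or workload is consuming the resources, not proof of cryptojacking.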
12. Scareware
Scareware uses fear to manipulate people into installing malware on their devices. By generating fear (usually through pop-ups, emails, etc.), bad actors can trick people into making panicked or impulsive decisions that jeopardize their device’s security. For example, a spam email or pop-up ad may claim that your device is infected with viruses and offer a product to remove them in exchange for payment. If you’re lucky, the bad actors will take your money and move on. However, in this example, they may send a bogus program with additional malware that could give them access to your device and data. At the very least, someone with bad intentions has your credit card number, which is never a good thing.
13. Backdoors
A backdoor is a method that can be used to go around security measures that are typically required to access a device. Backdoors, like several other types of malware on this list, have legitimate uses, such as resetting a lost or forgotten password.
When a backdoor is exploited by a bad actor, the consequences can be vast. This unauthorized access allows bad actors to both steal data from the device/network and use the device/network in other nefarious ways including, but not limited to, installing other types of malware or using the device(s) to conduct DDoS attacks.
14. Logic bombs
Logic bombs are pieces of malicious code that only execute when a particular circumstance or condition is met. When those conditions are met, a logic bomb might:
- Corrupt or delete files
- Send sensitive data to unauthorized third parties
- Cause system downtime resulting in financial losses
Most malware infections result from third parties working to gain unauthorized access to a network or device. Logic bombs, however, could be implemented by insiders who have access to sensitive systems. For example, a disgruntled employee may implement a logic bomb that publishes sensitive data if they’re fired. Detecting logic bombs can be tricky, but organizations can combat this by implementing privileged access management tools or endpoint security solutions.
15. Malware-as-a-Service (MaaS)
People really will buy anything these days. Malware-as-a-Service, or MaaS, is when malicious actors develop and sell the software/related infrastructure needed for a malware attack. These organizations operate similarly to other legitimate (aka non-criminal) service providers, with some offering set subscription periods or charging a fee that’s a certain percentage of the profits from the malware attack.
Ransomware is most often sold under the MaaS model, but MaaS operators may lease out botnets or sell backdoors as well.
Protecting against various types of malware
Nobody wants their hard drive locked by a ransomware attack or their device rendered useless by a computer virus. Knowing about the types of malware that are out there is a great start. The next step is to protect yourself from malicious actors. Use unique passwords across all sites, don’t download attachments or applications unless you’ve verified the source, and definitely don’t click on suspicious links in your email inbox.
Beyond these basic steps, you may want to invest in security software to keep your devices, network, and data secure. Learn more about which tools might fit your needs today.
- Best Antivirus Software
- Top Privileged Access Management Solutions
- Top Deception Technology (Decoy) Tools
- Best Firewall Software
- Best Endpoint Security Platforms
- Best Cloud Computing Security Software
- Best Intrusion Detection Tools
- Best Threat Intelligence Platforms
- Best Vulnerability Management Software
- Best Phishing Detection and Response Tools