
What is Malware?

Everything you need to know about malicious software—the types, how it spreads, and how to protect yourself.

Last updated: January 2025 · 10 min read

What is Malware?

Malware—short for "malicious software"—is any software intentionally designed to cause damage to computers, servers, networks, or users. The term covers a broad range of threats including viruses, worms, trojans, ransomware, spyware, and more.

Malware can steal sensitive data, encrypt files for ransom, spy on user activity, conscript devices into botnets, or simply destroy systems. It's the primary tool of cybercriminals and nation-state hackers alike.

Types of Malware

Ransomware

Encrypts files and demands payment for decryption. The most financially damaging malware type. Learn more in our What is Ransomware? guide.

Trojans

Disguise themselves as legitimate software to trick users into installing them. Once running, they provide backdoor access, steal credentials, or download additional malware.

Infostealers

Designed to steal credentials, session cookies, cryptocurrency wallets, and other sensitive data. Major variants include RedLine, Raccoon, and Vidar.

Spyware

Secretly monitors user activity including keystrokes, browsing history, and screen content. Some spyware is used by governments for surveillance (e.g., Pegasus).

Worms

Self-replicating malware that spreads across networks without user interaction. Can cause massive damage quickly—NotPetya and WannaCry are famous examples.

Remote Access Trojans (RATs)

Give attackers complete remote control over infected systems. Used for espionage, data theft, and deploying additional malware.

Botnets

Networks of infected devices controlled remotely. Used for DDoS attacks, spam campaigns, credential stuffing, and cryptocurrency mining.

Rootkits

Designed to hide deep in the operating system and evade detection. They provide persistent access and can survive system reboots and some security scans.

How Malware Spreads

  • Phishing emails — Malicious attachments or links that download malware. See Phishing Email Examples
  • Malicious websites — Drive-by downloads, fake software updates, and compromised legitimate sites
  • Infected software — Pirated software, trojanized legitimate apps, malicious browser extensions
  • Exploited vulnerabilities — Unpatched software exploited remotely, especially internet-facing systems
  • USB drives — Infected removable media, sometimes deliberately dropped near targets
  • Supply chain attacks — Malware inserted into legitimate software updates or development tools

Signs of Malware Infection

Warning Signs

  • System running unusually slow or using high CPU/memory
  • Unexpected pop-ups, ads, or browser redirects
  • New programs or browser extensions you didn't install
  • Antivirus disabled or unable to update
  • Files missing, encrypted, or with strange extensions
  • Unusual network activity or data transfer
  • Password reset emails you didn't request
  • Contacts receiving spam from your accounts
  • System crashes or blue screens more frequently

How to Prevent Malware

1. Keep Software Updated

Enable automatic updates for your OS, browsers, and applications. Unpatched vulnerabilities are a primary entry point for malware.

2. Use Reputable Security Software

Install antivirus/EDR software and keep it updated. Built-in tools like Windows Defender are effective for most users.

3. Be Skeptical of Emails and Downloads

Don't open attachments or click links from unknown senders. Download software only from official sources.

4. Use Strong, Unique Passwords + MFA

Password managers make this practical. Enable multi-factor authentication everywhere it's offered.

5. Maintain Backups

Regular backups to offline or cloud storage ensure you can recover from ransomware and other destructive malware.

How to Remove Malware

  1. Disconnect from the network — Prevents spread and data exfiltration
  2. Boot into Safe Mode — Limits malware's ability to run and hide
  3. Run multiple antimalware scans — Use your primary AV plus a second-opinion scanner like Malwarebytes
  4. Remove suspicious programs — Check installed programs and browser extensions
  5. Check for persistence — Review startup programs, scheduled tasks, and services
  6. Change all passwords — Assume credentials are compromised, especially if an infostealer is suspected
  7. Consider rebuilding — For serious infections, a clean OS install is the surest fix
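
For step 5 on Windows, the persistence review can be scripted. The following is an added example, not part of the original guide: a read-only PowerShell listing of the startup programs, scheduled tasks, and services that step names. It assumes an elevated PowerShell 5.1 or later session on the affected machine; the variable names and the noise filters are illustrative choices.

```powershell
# Added example: read-only listing of common Windows auto-start locations (changes nothing).

# Registry Run/RunOnce keys, per-machine and per-user
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runEntries = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# Per-user and all-users Startup folders (hidden files included)
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
$startupFiles = Get-ChildItem -Path $startupDirs -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

# Enabled scheduled tasks outside the \Microsoft\ folder. This filter only cuts
# noise: a task under \Microsoft\ is not automatically trustworthy.
$tasks = Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        [pscustomobject]@{
            Task    = $_.TaskPath + $_.TaskName
            Author  = $_.Author
            Actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }

# Auto-start services whose binary lives outside the Windows directory
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike "*$env:SystemRoot\*" } |
    Select-Object Name, State, PathName

$report = [ordered]@{
    'Registry Run keys' = $runEntries; 'Startup folders' = $startupFiles
    'Scheduled tasks'   = $tasks;      'Auto-start services' = $services
}
foreach ($section in $report.GetEnumerator()) {
    "=== $($section.Key) ==="
    $section.Value | Format-List | Out-String
}
```

Entries in the output are items to review against what you knowingly installed, not verdicts; legitimate third-party software appears in all four sections.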

Frequently Asked Questions

Can Macs get malware?

Yes. While historically less targeted than Windows, macOS malware has grown significantly. Macs need security software and safe computing practices just like Windows PCs.

Can phones get malware?

Yes, especially Android devices, which allow sideloading apps. iOS is more locked down but not immune, especially to sophisticated spyware. Stick to official app stores.

Is free antivirus good enough?

For most home users, yes. Windows Defender combined with safe computing habits provides solid protection. Paid options add features like VPNs and password managers.
