Malicious Software (Malware)

What is Malware?

Malware is the most common type of cyber threat in 2024. Combine the first part of malicious with the last part of the software, and you have the name. But what is malware? By definition,, it is any software that does something to your detriment and to the benefit of the cybercriminals.

There are many types of malware. The term covers everything from viruses to ransomware and from worms to cryptojackers. Each type of malware has many variants, and some even exhibit characteristics of more than one type, making categorization troublesome. Features they all share, however, are they are intrusive, hostile, increasingly sophisticated, and costly to the victim.

Financial gain is the driving force behind most malware. There’s great variety in the ways the illegal profits are gathered. Ransomware is straightforward extortion.

Cryptojackers use computer to covertly mine cryptocurrency and earn financial rewards for their efforts. Malware can steal your data. It can eavesdrop on e-commerce transactions and steal customers’ credit card details.

It can spy on your computer activity and send all of your keystrokes to the perpetrators or “threat actors.” This reveals authentication credentials for any system you’ve logged into.

Rarely political or social activists (“hacktivists“) mount a malware infection that isn’t motivated by money. Hacktivists target organizations that hold opposing political views or that exhibit (in their view) poor ethical judgment, environmentally harmful practices, or a bad human rights record.

The term malware also includes code that can infect your Internet browser. It might capture keystrokes. It might force-feed you with adverts. It may try to coerce you into clicking a link or visiting a website so that you become infected with their end-game malware, the one they try to make money from.

Key Takeaways

Malware is a major and evolving threat, including viruses, ransomware, spyware, and more, that can cause significant harm to victims.
Financial gain is the main driver, with tactics like ransomware for extortion and cryptojacking to mine cryptocurrency using infected devices.
Macs and mobile devices are also at risk, challenging the belief that only Windows systems are vulnerable.
Human behavior is a major factor in malware attacks, as many infections result from clicking on malicious links or downloading untrusted apps.
Comprehensive cybersecurity measures like antivirus software, regular updates, and cautious online behavior are essential for protection.

Table of Contents Table of Contents

What is Malware?
Key Takeaways
Can Macs Get Malware?
Common Types of Malware
How to Tell If You're Infected With Malware
How to Protect Yourself From Malware
The Bottom Line
FAQs
References

Table of Contents

What is Malware?
Key Takeaways
Can Macs Get Malware?

Show Full Guide

Common Types of Malware
How to Tell If You're Infected With Malware
How to Protect Yourself From Malware
The Bottom Line
FAQs
References

Can Macs Get Malware?

Malware isn’t restricted to the Windows world. Apple Macs and Google Chromebooks are not immune to malware. Anything with a browser can catch malware, and Apple-specific malware grew by 270% in 2017. That’s the fastest-growing area of malware.

There are two reasons Apple computers have caught the attention of the malware authors.

One is there are now sufficient quantities of Apple computers being used in business to justify the effort.
The second reason is almost all Mac users believe they don’t need antivirus or anti-malware end-point protection. They still believe in the fictional Apple immunity. There’s nothing a threat actor likes more than an unprotected target and easy pickings – or people who don’t practice proper cyber security hygiene.

And don’t forget mobile devices such as tablets and cell phones. These can become infected just as easily. There are billions of mobile devices in the world, and that’s too big a target for the threat actors to ignore.

Common Types of Malware

Adware

Adware displays fraudulent adverts on your computer. Very rarely, these may appear on your desktop, but most adware runs inside your browser. Adware has been around for many years and started off as just that – annoying, intrusive adverts. Nowadays, adware is a ruse designed to provoke you into performing another action, such as clicking a link or installing a bogus malware-cleaner.

Spyware

Spyware does not announce itself. It runs in the background, watching your activity and recording keystrokes. This information is relayed back to the threat actor. They can review the information sent to them and try to discover industrial secrets or log-in credentials to other systems.

Viruses

A virus is a malware with a particular distribution and replication technique. A virus will attach itself to another, usually bona fide, program. When that program is executed by the user, the virus replicates itself by attaching duplicates of itself to other applications within the computer.

Worms

Worms are similar to viruses, but worms can replicate across networks and from computer to computer. They are usually destructive and intentionally damage data files.

Trojans

A Trojan horse, often called just a Trojan, is another distribution method for malware. It masquerades as a genuine program but carries a dangerous payload. This is why downloading software from untrustworthy sites is so risky.

Popular or expensive software applications or entertainment media are made available for download by the threat actors. They upload it to pirate sites because they know it will be downloaded many times. The hidden malicious payload might be a keystroke recorder or a ransomware installer, or it might give the threat actors remote control of your computer.

Ransomware

Ransomware encrypts the files on your computers and servers so that you cannot access your data, documents, and email. You are forced to pay a ransom in cryptocurrency in exchange for the decryption of your data.

Ransomware “kits” are available on the Dark Web at low cost, placing this type of attack even within the grasp of unskilled threat actors. You can even find ransomware-as-a-service (RaaS) providers on the Dark Web who will conduct ransomware campaigns on your behalf. They take a cut of the profits, so there are no up-front costs for the would-be cybercriminal to get into the ransomware game.

Cybercriminals like ransomware because these attacks are profitable and, surprisingly, often uninvestigated. Many victims quietly pay the ransom rather than go public and involve the police. They’d prefer to pay the ransom and avoid the reputational damage associated with being a victim of cybercrime and branded insecure.

Rootkits

A rootkit usually provides the threat actor with remote administrator privileges on your computer. Rootkits are sophisticated and are often able to resist disinfection by all but the most proficient antivirus packages.

Keyloggers

A keylogger captures every keystroke entered on the infected machine and sends them in batches to the threat actors. Sensitive information like authentication credentials, industrial secrets, corporate intellectual property, credit card details, and anything else that the threat actors can monetize is extracted from the data. It is either used by the threat actors or sold on the Dark Web.

Cryptojackers

Cryptojacking is a huge problem. Ransomware and cryptojacking vie for the number one and two spots of most common malware. Cryptojacking is the illicit use of your hardware to perform cryptomining. Cryptocurrencies like Bitcoin record the details of financial transactions in encrypted blocks of data. The blocks are appended to a list of blocks called the blockchain.

It is very computationally expensive to perform the calculations required to create the blocks. Anyone can devote some of their PC processing power to assist in the calculations. If the output of your calculations (called a hash) is used to finalize the addition of a block, you are rewarded with a fractional amount of the cryptocurrency.

This is called cryptomining. If enough of your hashes are used by the blockchain, your tiny rewards start to mount up to meaningful figures of “free” money. This is legal, and open to anyone who has any of that cryptocurrency.

The illegal part is that cryptojackers mine cryptocurrency using other people’s computers. The more devices that are infected, the bigger the pool of resources that they have working for them. It effectively creates a tremendously powerful computing platform out of the army of infected devices, all working in unison without their owners’ knowledge or permission.

Of course, the owners of those computers are paying for the price of the mining and suffering the degraded performance of their hardware.

How to Tell If You’re Infected With Malware

Loss of speedPop-up advertsCrashes and freezesLow hard drive spaceUnusual Internet activityYour computer is laboringBrowser changesAntivirus is throttledThe ransomware tells you!

If you notice a sudden degradation in performance, question it. It might not be malign, but get it checked out. Something has changed, so find out why.

It’s tempting to soldier on and tell yourself you’re too busy to have IT come and mess about with your computer and that you’ll raise the issue after you’ve finished this important report. Don’t take that approach. Report it as soon as you notice a deviation from the norm.

You’re suddenly plagued by pop-up adverts. This is a typical indication that you have been infected by adware. Clicking on an advert, link, or even a message saying “opt-out of these adverts” is likely to infect you with something much worse.

Your computer crashes, lock-ups for short periods, or freezes completely. These incidents may be the intended action of the malware, or it might mean the malware has bugs in it. Malware is software, and software is prone to bugs. Even poorly written malware can be disruptive, costing you time, data, and money.

Your hard drive space is being used up, and you don’t know why. You may have a digital squatter residing on your hard drive. Perhaps it is stockpiling data and keystrokes prior to dispatching them to the threat actors.

Your Internet activity increases. This might be due to the malware sending its findings back to a command and control server and receiving instructions from the server. It might be because your computer is siphoning company data to the threat actors.

Your computer is running hot, or your laptop fan is loud all the time. You may have a piggy-back malware using your CPU cycles and RAM to work on a profitable task such as cryptocurrency mining. The rewards of which go into the threat actor’s digital wallet.

Your browser’s homepage is reset. You might see a new toolbar or a browser extension. Clicking links on web pages may take you to unexpected web pages. Any of these indicates your browser has been hijacked. The threat actors are trying to get you to click on some other link or to install a package that offers to disinfect your PC.

Your antivirus end-point protection loses functionality. It might not accept updates, or it won’t perform a scan. Something has infected your system and disabled your protection. This is the digital equivalent of breaking into a building and taking out the security guards.

When a message says you’re infected, you don’t have to guess whether you’ve been hit by ransomware. It takes great pleasure to let you know and tell you the cost of unencrypting your data. It will ask for a ransom in cryptocurrency in exchange for unencrypting your data.

How to Tell if Your Cell Phone is Infected With Malware

Here are some tell-tale signs that your mobile device has become infected:

You’re seeing a deluge of adverts
You had an inexplicable upturn in data usage
There are unaccountable charges on your bill
Your battery life runs down faster than usual
Malware can replicate one device to another by means through emails and SMS text messages. Your contacts might start getting mysterious messages from your cell phone
Some malware can make your cell phone heat up to the point that the battery physically swells
Apps that you didn’t install appear on your handset
Wi-Fi and Internet access keeps turning itself back on after you’ve turned it off

Malware Infection Methods

The two most common methods used to spread malware are email and activities involving the Internet.

Fraudulent – and often unsolicited – emails carry malicious attachments or entice you into clicking on links. You can be infected by browsing a legitimate but infected website that has been compromised by the threat actors. Of course, there are purpose-built malicious sites that infect everyone who visits. They entice visitors by offering pirated computer games, films, software, and music.

Mobile devices can become infected when you install untrusted apps, when clicking on a link in a bogus email or SMS text message, or by signing up for a too-good-to-be-true web service.

The common factor in all of these attacks is the human one. Someone opens the attachment, clicks the link, installs the app, or makes the download. Behavioral changes, threat awareness, and a healthy degree of caution can drastically lower the risk of infection.

How to Protect Yourself From Malware

Stay vigilant. Check domain names in links for strange spellings. Hover over links to see what they really point to. It might not be the same location as the text in the link would suggest.
Don’t click on pop-up adverts while browsing the Internet.
Never open attachments in dubious emails. If there’s a chance it might be genuine, contact the sender for verification.
Do not download software from unofficial websites, pirate sites, and peer-to-peer file transfer networks.
Ensure your operating systems, application software, network device firmware, and mobile devices receive regular security patches and updates from the manufacturer. Don’t use any operating system (OS) or software that is out of its supported life cycle.
Only install apps from the official Google Play Store or the Apple App Store.
Do not click links in unsolicited emails, SMS text messages, and WhatsApp messages.
Install a top-tier end-point protection package on all of your network and mobile devices. The market leaders will include anti-virus and anti-malware protection in one solution.
Segment and segregate your network where possible.
Don’t use privileged accounts such as system administrator accounts for anything other than system administration.
Get insurance. Many companies offer cyber insurance policies, and homeowners and renters insurance sometimes cover cybercrime and malware. Tell your insurance company that you want a “personal cyber insurance rider.”

The Bottom Line

Malware is an evolving threat across all devices, driven largely by financial motives. Remember, your best protection is personal vigilance by yourself and your staff. Even the best end-point protection cannot stop a brand-new strain of malware. There is a finite period between the release of a new malware variant and the release of new signature updates. Until your end-point protection receives the new signatures, it cannot detect and nullify the new threat.

Unprotected periods are called “zero days.” In a zero-day situation, your defenses are reduced to the joint awareness, diligence, and working practices of you, your staff, and your colleagues.