What is Malware?

Malware is any software program used by digital threat actors to damage, infect, or otherwise compromise targeted systems, including devices, servers, and networks. Malware is a portmanteau of the words “malicious software”.

Threat actors can write their own malware applications or download exploit kits and other ready-made malware programs from deep and dark web marketplaces. After configuring the payload, threat actors use phishing campaigns, impersonation attacks, malvertising, and other methods to fool victims into downloading the malware program.

In most cases, malware programs cannot damage physical hardware devices. However, malware programs exist that can take control of target devices, run hidden processes, exfiltrate or destroy data, spy on user activities, hijack computer functions, steal access credentials, and more. All of this takes place without the victim’s permission, and sometimes even without their knowledge.

What are the Common Types of Malware?

Viruses
Viruses are among the most common and best-known types of malware. A virus is a malicious computer program that self-replicates, allowing it to spread through and between networks by inserting itself into other programs and files. In addition to producing copies of themselves, viruses often do other harmful things that may or may not be obvious to the victim.

Spyware
Spyware is a type of malware that is designed to spy on user activity. A spyware program can steal the victim’s personal information, monitor their Internet browsing history, record which files and data they access, and even log keystrokes on the victim’s device. This information can be used by cybercriminals to commit identity theft, steal money, or gain deeper access to secure networks and systems.

Scareware
A scareware attack is designed to scare the victim into believing their device has been infected with a harmful program that will steal or destroy their data if they don’t take immediate action. The victim might see a fraudulent advertisement that says “Virus Detected on Your PC - Click Here Now to Remove the Infection”. These advertisements often use gimmicks like a fake countdown timer to create a sense of urgency. When the victim clicks the advertisement, it typically leads to a malicious domain that could actually infect their device with malware.

Ransomware
Ransomware attacks are among the most frequently seen cybersecurity threat types according to Cisco’s 2021 Cybersecurity Trends Report (Cisco). In a ransomware attack, digital threat actors use a malicious software program to seize control of a target device or system, remove the victim’s access, then demand a ransom to restore the system. 

Companies in the manufacturing sector are the most frequent targets of ransomware attacks. Digital threat actors target production systems to create costly unplanned downtime, and victims are forced to pay the ransom to restore their operations.

Trojans
A Trojan is a malware application disguised as a legitimate piece of software, making victims more likely to download and install it. Once installed, a Trojan can spy on user activity, exfiltrate data, or damage systems. Trojans get their name from the “Trojan Horse”, a wooden decorative horse used by the Greeks to infiltrate the City of Troy and win the Trojan War. 

Adware
Adware is any malware program that shows unwanted advertisements on the victim’s computer desktop, browser windows, or within other applications. Clicking the advertisements may lead the victim to a malicious domain, or it may generate fraudulent ad revenue for cybercriminals.

Worms
A worm is a type of malware that spreads from computer to computer by exploiting software vulnerabilities. Worms are challenging to defend against because they don’t require any human interactions to spread. Worms can inject other malware programs, steal data, spy on user activity, and execute other processes that deplete system resources.

Rootkits
A rootkit is a software package that modifies the operating system of a malware-infected device to conceal the presence of a malicious program. Rootkits help threat actors avoid identification and removal by cybersecurity teams.

Backdoors
A backdoor is a malware application that allows a threat actor to bypass normal authentication protocols when accessing a secure network. Once a network has been compromised by a malware attack, a threat actor may install a backdoor to help secure long-term access to the network.

Unsolicited Cryptomining

Threat actors are increasingly using malware attacks to install hidden cryptocurrency mining applications on target systems. Unsolicited cryptocurrency mining generates passive income for cybercriminals while depleting the victim’s network bandwidth and compute resources.

How Do Malware Attacks Work?

Digital threat actors use many techniques to manipulate and deceive their victims into installing malware programs.

Exploit Kits

An exploit kit is a package of malicious software that searches for vulnerabilities on a target’s computer and uses them to inject a malware payload. Threat actors can easily download exploit kits on the dark web and use them to infect target devices with malware. 

Malicious Domains

A malicious domain is a domain that hosts an exploit kit. When an unsuspecting victim visits the malicious domain, the exploit kit scans their browser for security vulnerabilities and attempts to exploit them by injecting malicious code. Threat actors circulate links to their malicious domains via phishing campaigns that target email platforms, business collaboration tools, social media, public forums, and other channels.
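As an added illustration of the defensive side of this section (not code from the ZeroFOX page), the following Python script extracts links from a message and flags any whose host is, or sits under, a known malicious domain. The blocklist and the sample email are constructed for the example; hostnames are normalised (lowercase, trailing dot and port stripped, punycode decoded) so that trivial variations of a blocked domain still match, while an unrelated domain that merely starts with the same labels does not.

```python
import re
from typing import List, Optional
from urllib.parse import urlparse

# Constructed blocklist for this example; these are not real indicators.
BLOCKED_DOMAINS = {"login-verify.example", "update-now.example"}

# Rough URL matcher for free-form email text.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalize_host(url: str) -> Optional[str]:
    """Return the canonical hostname of a URL, or None if it has none.

    urlparse already lowercases the host and drops the port; we also strip
    a trailing dot and decode IDNA (punycode) labels so lookalike domains
    are compared in their Unicode form."""
    try:
        host = urlparse(url).hostname
    except ValueError:          # e.g. a malformed IPv6 literal
        return None
    if not host:
        return None
    host = host.rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass
    return host


def is_blocked(host: str, blocklist=BLOCKED_DOMAINS) -> bool:
    """True if host equals a blocked domain or is a subdomain of one.

    Only whole-label suffixes count: 'mail.login-verify.example' matches,
    but 'login-verify.example.other.invalid' is a different domain."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def flag_links(message: str, blocklist=BLOCKED_DOMAINS) -> List[str]:
    """Return the URLs in a message whose host is on the blocklist."""
    flagged = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;)")          # drop sentence punctuation
        host = normalize_host(url)
        if host and is_blocked(host, blocklist):
            flagged.append(url)
    return flagged


# Constructed phishing-style email used as sample input.
SAMPLE_EMAIL = (
    "Your password expires today. Reset it at "
    "https://mail.login-verify.example/reset?u=1 before noon.\n"
    "Help: https://www.example.com/help and "
    "http://login-verify.example.other.invalid/ (unrelated)."
)
```

In practice the blocklist would be fed from threat intelligence rather than hard-coded, and the flagged URLs would be routed to quarantine or analyst review rather than printed.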

Malvertising
Threat actors can insert malicious programs into advertisements that appear on legitimate websites. When the advertisement loads in the victim’s browser window, the malware will attempt to infect their browser by exploiting a security vulnerability.

Social Engineering Attacks

Threat actors have used social engineering to execute malware attacks. A common technique is to exploit natural human curiosity by loading malware onto a USB drive and leaving the drive in a parking lot or a bathroom. When a victim finds the USB drive and tries to check its contents, the malware program infects their device.

How Does ZeroFOX Protect Your Organization from Malware Attacks?

The ZeroFOX platform delivers protection, intelligence, and disruption to identify phishing emails, dismantle malicious domains, and remove the digital infrastructure used to carry out malware attacks against enterprises.

Download our free report The Future of Digital Threats: 2020 Insights, 2021 Predictions to learn how malware threats evolved over the past year, what’s coming in the future, and how to protect your organization.