Written by Joseph Regan & Ivan Belcic
Updated on May 30, 2024

What is malware?

Malware is any type of software created to harm or exploit another piece of software or hardware. Short for “malicious software,” malware is a collective term used to describe viruses, ransomware, spyware, Trojans, and any other type of code or software built with malicious intent.

This article contains :

    It’s this malicious intent that characterizes the malware definition — software created and deployed to damage computers, systems, servers, or networks. What distinguishes one strain of malware from another is how it works and why it’s used. The malware meaning has also expanded in recent years to include threats from emerging technologies, such as AI-assisted malware.

    Is malware a virus?

    All viruses are malware, but not all types of malware are viruses. Viruses are a type of malware that self-replicate by inserting their code into other files or programs, then spreading from one infected device to another.

    If malware isn’t using other programs to copy itself and spread, then it’s not, technically, a virus. A malicious virus can spread not only to other programs on the same device but to other devices and users on the same network.

    What does malware do?

    Malware attacks can crack weak passwords, bore deep into systems, spread through networks, and disrupt the daily operations of an organization or business. Other types of malware can lock up important files, spam you with ads, slow down your computer, or redirect you to malicious websites.

    Hackers know how to use malware in complex and sneaky ways, so being aware of malware symptoms can help you find hidden malware on your device.

    Know the different malware symptoms, from your device overheating to an abundance of pop-up ads.Know the different malware symptoms, from your device overheating to an abundance of pop-up ads.

    What are the signs of malware in a computer or phone?

    So, how do you know if you have malware? The symptoms are diverse depending on the infection type, but there are some similar malware warning signs no matter the source.

    Here’s how to tell if you have malware:

    • Sudden performance drops: Malware can occupy a ton of processing power, resulting in severe slowdowns. That’s why removing malware is one way to speed up your PC.

    • Frequent crashes and freezing: Some malware causes your computer to freeze or crash, while other types will cause crashes by consuming too much RAM or driving up CPU temperatures. Sustained high CPU usage may also be a sign of malware.

    • Deleted or corrupted files: Malware often deletes or corrupts files as part of its plan to cause as much chaos as possible.

    • Lots of pop-up ads: Adware’s job is to spam you with pop-ups. Other types of malware may cause pop-up ads and alerts as well.

    • Browser redirects: If your browser keeps sending you to sites that you aren’t trying to visit, a malware attack may have made changes to your DNS settings.

    • Your contacts are receiving strange messages from you: Some malware spreads by emailing or messaging victims’ contacts. Secure messaging apps can help protect your communications from eavesdroppers.

    • You see a ransom note: Ransomware wants you to know it’s there — it’ll take over your screen with a ransom note demanding payment to get your files back.

    • Unfamiliar apps: Malware can install additional apps on your device. If you see new programs that you didn’t install yourself, it may be the result of a malware attack.

    Certain strains of malware are easier to detect than others. Ransomware and adware are usually visible immediately, while spyware wants to stay hidden. One of the best ways to detect malware before it infects your PC, Mac, or mobile device is to use a dedicated antivirus tool.

    AVG AntiVirus FREE combines one of the world’s largest threat-detection networks with an award-winning cybersecurity engine to scan and remove malware on your device, while helping to block new malware trying to infect it.

    Why do hackers and cybercriminals use malware?

    • Data theft: Dangerous hackers can steal data and use it to commit identity theft or sell it on the dark web. Malware-based data theft can involve redirecting people to pharming websites, capturing passwords with spyware, and even large-scale data breaches.

    • Corporate espionage: Data theft on a corporate scale is known as corporate espionage. Companies can steal secrets from their competitors, and governments often target large corporations as well.

    • Cyberwarfare and international espionage: Governments around the world are frequently accused of using malware against other countries and large corporations. In 2023, U.S. and Japanese authorities warned against Chinese cyber threat group BlackTech hacking router firmware using remote access tools (RATs).

    • Sabotage: Sometimes, damage is the goal. Attackers can delete files, wipe records, or shut down entire organizations to cause millions of dollars of damage.

    • Extortion: Ransomware encrypts a victim’s files or device and demands payment for the decryption key. The purpose is to get the victim — a person, institution, or government — to pay the ransom. In December 2023, hackers commandeered the private data of Insomniac Games and put the confidential files up for auction when their $2 million dollar demand was refused by Sony.

    • Law enforcement: Police and other government authorities can use spyware to monitor suspects and harvest information to use in their investigations.

    • Entrepreneurship: Many potent strains of ransomware are available to anyone as Ransomware-as-a-Service (RaaS), where the developer licenses their malware as a “kit” in exchange for a fee or cut of every payment. In April 2022, RaaS kit Hive was used to attack Microsoft Exchange Servers.

    • DDoS attacks: Hackers can use malicious software to create botnets — linked networks of “zombie computers” under the attacker’s control. The botnet is then used to overload a server in a distributed denial of service (DDoS) attack. In February 2024, multiple UK universities were targeted by DDoS group Anonymous Sudan for political reasons.

    • Mining cryptocurrency: Cryptominers force a victim’s computer to generate, or mine, bitcoin or other cryptocurrency for the attacker. Infiltrating a victim’s cloud is an especially lucrative way for cryptominers to profit. According to Google’s Threat Horizons report for H1 2024, over 65% of Google Cloud attacks are for cryptomining purposes.

    Malware examples

    Common types of malware include viruses, Trojans, spyware, keyloggers, worms, ransomware, adware, scareware, rootkits, cryptominers, and logic bombs. Learn how to identify malware by reading through the malware examples and their definitions below:


    Computer viruses infect clean files and spread to other clean files. A malicious virus can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. The history of viruses dates back to the 1980s.

    Macro viruses

    Macro viruses are a type of virus that exploit macros in Microsoft Office apps like Word and Excel to infect your device. This malicious virus can extract a malware file that gathers information or enables its owner to control your computer from afar.

    Router viruses

    Your Wi-Fi router can also get infected with malware. Router malware usually redirects you to malicious pharming websites that can capture your personal data, and removing router viruses can be tricky.


    Trojans are disguised as legitimate software or are hidden in legitimate software that’s been tampered with. A Trojan’s job is to sneak onto your device and install additional malware.

    Droppers or loaders

    A dropper, sometimes referred to as a loader, is a type of trojan that extracts and installs, or “drops” a payload of malware onto a device upon launch. Droppers such as NeedleDropper are designed to be self-extracting, so they don’t need access to an outside server to deliver malware.

    Remote access trojans (RATs)

    Remote access trojans allow a cybercriminal to control an infected victim’s computer remotely. After the RAT is activated on a system, the attacker gains full administrative control to execute commands, receive data, and steal sensitive information. RATs can sometimes circumvent malware protection you have in place.


    Spyware is malware designed to spy on you. It hides in the background and collects your data, including passwords, GPS location, and financial information. Fortunately, you can remove spyware from your Mac or PC.

    Information stealers

    Information stealers, AKA infostealers or stealers, sit on a system and covertly gather valuable details from the victim. Infostealers targets include login credentials, cryptocurrency wallets, browser cookies, credit card information, and search history.


    Keyloggers are a type of spyware that hide on your device while recording all your keystrokes. They can capture login credentials, credit card numbers, and more.


    Stealware is a type of spyware that uses HTTP cookies to redirect payments, marketing revenue, or other financial commissions of a website to a third party. Stealware is often used to manipulate online banking systems and transfer money to the stealware operator.


    Worms are a bit different from viruses, because they can spread without a host file. Worms infect entire networks of devices, using each consecutively infected machine to infect others.


    Ransomware locks up your computer and your files, and threatens to erase everything unless you pay a ransom. It’s one of today’s most pressing malware threats, especially Ransomware-as-a-service (RaaS), where malware developers lease their ransomware software to other cybercriminals.


    Adware is malicious software that spams you with ads to generate revenue for the attacker. Adware undermines your security to serve you ads — which can give other malware an easy way in.


    Scareware uses social engineering tricks to frighten you into installing it. A fake pop-up warns you that your computer is infected with a virus, and the solution will be to download a scam “security” program — which infects your device.


    Botnets aren’t technically malware by themselves — they’re networks of infected computers that work together under the control of an attacker. Botnets are often used to commit DDoS attacks.


    Rootkits are a hard-to-detect form of malware that burrow deep into your computer to give a hacker full administrative access, including bypassing malware protection. The best way to deal with them is by using a dedicated rootkit removal tool.

    Browser hijackers

    Browser hijackers are malware that modify your web browser without your consent, and often without your knowledge. They may redirect you to harmful websites or spam you with extra ads. Removing browser hijackers can be straightforward, but it’s always good to use a browser built for privacy.

    SSL Strips

    An SSL (Secure Socket Layer) is the “S” in HTTPS, and means a site is secure. After your browser is hijacked, an SSL strip downgrades a website from HTTPS to HTTP, making it insecure so a hacker can intercept your activity.


    Cryptominer malware is malicious software that hijacks a victim’s computer’s processing power to mine cryptocurrency for the attacker in a practice known as cryptojacking. Many cryptominers use browser hijacking to take over computers, and target systems with access to powerful cloud processing.

    Logic bombs

    Logic bombs are bits of malicious code designed to execute after a specified condition has been met. Time bombs are a subset of logic bombs that lie dormant until a certain time or date.

    Malicious LLMs

    Language Learning Models (LLMs) help us in many ways — but they also make it easier for hackers to write malware programs, create scam emails, and social engineer victims into giving up sensitive data. It's debatable whether Malicious LLMs such as FraudGPT, WormGPT, and Love-GPT fit under the malware meaning, but what's not debatable is how AI has changed the cyberthreat landscape forever.

    How does malware work?

    Malware works by prompting you to perform an action that downloads the software onto your computer, such as clicking a link, opening an attachment, or visiting an infected website. Once on your machine, the malware’s payload begins the task it’s designed to perform — stealing your data, encrypting your files, installing additional malware, and so on.

    Malware will stay on your system until it’s been detected and removed. And some malicious software even tries to block specific malware protection you have, such as antivirus programs.

    How does malware spread?

    There are many malware attack vectors: downloading and installing an infected program, clicking an infected link, opening a malicious email attachment, or even using corrupted physical media like an infected USB drive.

    Malware attack delivery methods

    Here are some of the most common malware attack types to watch out for.

    • Email: If your email was hacked, malware can force your computer to send emails with infected attachments or links to malicious websites. When a recipient opens the attachment or clicks the link, the malware is installed on their computer, and the cycle repeats. Not opening attachments from unknown senders is an important part of good email security.

    • Messaging apps: Malware can spread by hijacking messaging apps to send infected attachments or malicious links to a victim’s contacts.

    • Infected ads: Hackers can load malware into ads and seed those ads on popular websites — a practice known as malvertising. When you click the infected ad, it downloads malware to your computer.

    • Pop-up alerts: Scareware uses fake security alerts to trick you into downloading bogus security software, which in some cases can be additional malware.

    • Drive-by downloads: A drive-by download happens when a malicious website automatically downloads malware onto your device. This happens as soon as you load the page — no clicks required. Hackers use DNS hijacking to automatically redirect you to these malicious sites.

    • Personal installation: People sometimes install parental control software on their partner’s computer or phone. When these apps are used without the victim’s consent, they become spyware.

    • Physical media: Hackers can load malware onto USB flash drives and wait for unsuspecting victims to plug them into their computers. This technique has been used in state or corporate espionage.

    • Exploits: Exploits are bits of code designed to take advantage of a vulnerability or security weakness in a piece of software or hardware. A blended threat is a specialized type of exploit package that targets multiple vulnerabilities at once.

    • Phishers: Phishing attacks take many forms, but the aim is always the same: to get you to click, tap, or open something that compromises your security. Phishers typically send a phishy link through email or SMS (smishing), but QR code phishing, or quishing, is a rising threat that redirects victims to malware-infected sites after scanning a QR code.

    Malware can spread in a variety of ways.Malware can spread in a variety of ways.

    Real-life malware attacks

    Many malware attacks happen silently, with victims never realizing the attack happened. Some malware attacks are so dangerous and widespread, they send shockwaves around the world.

    Here are some of the most notorious malware attack examples:

    Vienna virus

    In the late 1980s, the Vienna virus corrupted data and destroyed files. It was this virus that led to the creation of the world’s first antivirus tool.


    Melissa was a malicious virus from 1999 that used seductive messages to tempt victims into opening malicious Word documents and then forwarded itself to the first 50 addresses on the victim’s mailing list. Email servers at over 300 corporations and government agencies had to be shut down, and Melissa caused an estimated $80 million in damage.


    Stuxnet was a malicious worm discovered in 2010, reportedly developed by the United States and Israel as a cyberweapon during the Bush administration. Stuxnet spread through USB devices to infiltrate Iran’s nuclear facilities and destroy one-fifth of their centrifuges.


    EMOTET is a trojan that began spreading in 2014 through email attachments. EMOTET has since evolved into Malware-as-a-Service, and can be rented by cybercriminals to install other types of malware. Europol disrupted EMOTET in 2021, but it made a comeback in 2023 and remains one of the most persistent malware attack examples of the 21st century.


    In 2017, WannaCry quickly became the largest ransomware attack up until that time. It paralyzed governments, hospitals, and universities around the world and caused roughly $4 billion in damage.

    Petya and NotPetya

    These two ransomware strains both arrived in 2017, spreading far and wide — including to Ukraine’s national bank. The Petya/NotPetya malware attacks resulted in around $10 billion in damages worldwide.

    COVID-19 phishing scams

    In 2020, many cybercriminals took advantage of COVID-19 fears in a series of phishing and malware attacks. From spoofing the World Health Organization to offering fake remote jobs, hackers combined social engineering with simple phishing attacks to deploy malware and hijack sensitive personal data.


    Bumblebee is a malware loader that was widely used to drop banking Trojans, information stealers, and other payloads throughout 2022. Bumblebee re-emerged in 2024 with new malware attack vectors, such as email-based social engineering techniques. Once victims open infected Word documents, voice messages, or OneDrive URLs, Bumblebee drops a malware file that executes malicious commands in Windows PowerShell.

    How to detect, remove, and prevent malware

    When it comes to malware protection software, solid prevention is better than a magic cure. Security tools such as VPNs and ad blockers can enhance your privacy and security. But when it comes to cybersecurity against malware, a dedicated antivirus tool is your best bet.

    Incorporate the following tips into your digital lifestyle to help minimize your malware risk:

    • Don’t trust strangers online: Strange emails, abrupt alerts, fake profiles, and other scams are the most common methods of delivering malware. If you don’t know exactly what something is, don’t click it.

    • Double-check your downloads: From pirating sites to official storefronts, malware can lurk just around the corner. Before downloading, always double-check that the provider is trustworthy.

    • Use a VPN: A virtual private network (VPN) keeps you anonymous online by encrypting the data you send and receive online and hiding your IP address.

    • Get an ad blocker: Some infected ads can download malware as soon as they load on your screen. A reliable ad blocker doesn’t differentiate between what’s malware and what’s not — it can help block malicious ads (and annoying ones) altogether.

      AVG Secure Browser is a free browser that includes an array of built-in features, including an ad blocker, to help protect your privacy and secure your device against malware.

    • Be careful where you browse: Malware can hide in lots of places around the web, but it’s most commonly found on websites with poor backend security. If you’re visiting a large, reputable site, your risk of encountering malware is usually minimal.

    • Always update your software: Outdated software may have security vulnerabilities, which developers routinely patch with software updates. For the most up-to-date malware protection, always install the latest updates for your operating system (OS) and other software as soon as they become available.

    • Protect your devices with an antivirus app: Even if you follow all of the advice above, your device might still get infected with malware. For optimal protection, combine smart online habits with powerful anti-malware software like AVG AntiVirus FREE, which helps detect and stop malware before it can infect your PC, Mac, or mobile device.

    Can Macs and phones be affected by malware?

    PCs aren’t the only devices that get malware — phones and Macs can get malware, too. Any device connected to the internet is at risk, including your Mac, mobile phone, or tablet. And while Apple is quick to patch macOS against zero-day attacks after it detects them, Macs aren’t totally immune to malware. A Mac anti-malware app can help keep your Mac free of infections.

    Meanwhile, Android and iOS malware continues to evolve. And iPhone aren’t entirely threat-proof — especially if you’ve jailbroken your phone. But even sneaky malware like spyware can be removed from your iPhone with the right steps and tools.

    A malicious virus can come from anywhere, anytime, so scanning your device regularly as part of your overall device hygiene regimen can help you block threats before they take hold. Here are some malware protection tools to try on your devices:

    What to do if your device is infected by malware?

    Use a reliable malware removal tool to scan your device, find the malware on it, and clear the infection. Then, restart your device and scan it again to make sure the infection has been completely removed.

    Display of 2 unsecured threats found in AVG AntiVirus

    Before clearing the malware, you may need to restart your device in Safe Mode first to prevent the malicious software from affecting your antivirus tool. If you’re unsure if a program is malware, just scan it. Most malware detection software knows what’s malware and what isn’t. An antivirus scan is the best way to get rid of malware from your computer or clear a malware infection on your phone.

    So, how dangerous is malware?

    Malware is at the root of most cyberattacks, including large-scale data breaches that can lead to identity theft and fraud. AI makes it even easier for cybercriminals to author and deploy malware — attempted mobile malware attacks rose 500% in the first few months of 2022 alone.

    Malware is now a global business, meaning the security risk of malware can’t be overstated. Cybercriminals know how to use malware to be sneaky or destructive, and often work together to coordinate malware attacks against individuals, companies, and even governments. The World Economic Forum warns against the rise of RaaS, along with AI-assisted malware attacks.

    Protect yourself against malware with a world-class antivirus solution

    In addition to following all the malware protection and prevention guidance above, partner with a world leader in cybersecurity. AVG AntiVirus FREE is an award-winning anti-malware tool that offers real-time heuristic malware protection.

    Let AVG AntiVirus FREE detect and block malware before it infects your devices, and help clear up infections you may currently have. Plus, get always-on protection against Wi-Fi vulnerabilities and phishing attacks.

    Block malware and prevent threats with AVG AntiVirus for Android

    Free install

    Get real-time threat protection for your iPhone with AVG Mobile Security

    Free install
    Joseph Regan & Ivan Belcic