AVG Signal Blog Security Malware What Is Malware? The Ultimate Guide to Malware

What is malware?

Malware is any type of software created to harm or exploit another piece of software or hardware. Malware is a collective term used to describe viruses, ransomware, spyware, Trojans, and any other type of code or software that’s built with malicious intent.

This article contains:

    It’s this malicious intent that characterizes the malware definition — the meaning of malware is the damage it can inflict on a computer, computer system, server, or network. It’s the how and the why that separate one type of malware from the next.

    That’s why all viruses are malware, but not all types of malware are viruses. Viruses are just one type of malicious software.

    What does malware do?

    Malware can crack weak passwords, bore into systems, and spread through networks. Other types of malware can lock up important files, spam you with ads, or redirect you to malicious websites. Malware attacks can result in anything from data theft to the destruction of entire systems or devices. 

    Malware is at the root of most cyberattacks, including the large-scale data breaches that lead to widespread identity theft and fraud. Hackers aim malware attacks against individuals, companies, and even governments.

    Malware is a broad category, with different forms of malware impacting devices and systems in various ways. Let’s examine some of the most common forms of malware.

    Types of malware

    Common types of malware include viruses, Trojans, spyware, keyloggers, worms, ransomware, adware, scareware, rootkits, cryptominers, and logic bombs. The categories are based on how malware works and how it spreads.


    Viruses infect clean files and spread to other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files.


    Trojans are disguised as legitimate software or are hidden in legitimate software that’s been tampered with. A Trojan’s job is to sneak onto your device and install additional malware.


    Spyware is malware designed to spy on you. It hides in the background and collects your data, including passwords, GPS location, and financial information.


    Keyloggers are a type of spyware that hide on your device while recording all your keystrokes. They can capture login credentials, credit card numbers, and more.


    Worms are a bit different from viruses, because they can spread without a host file. Worms infect entire networks of devices, using each consecutively infected machine to infect others.


    Ransomware locks up your computer and your files, and threatens to erase everything unless you pay a ransom. It’s one of today’s most pressing malware threats.


    Adware is malware that spams you with ads to generate revenue for the attacker. Adware undermines your security to serve you ads — which can give other malware an easy way in.


    Scareware uses social engineering tricks to frighten you into installing it. A fake pop-up warns you that your computer is infected with a virus, and the solution will be to download a scam “security” program.


    Botnets aren’t technically malware — they’re networks of infected computers that work together under the control of an attacker. Botnets are often used to commit DDoS attacks.


    Rootkits are a dangerous and hard-to-detect form of malware that burrow deep into your computer to give a hacker full administrative access. The best way to deal with them is by using a dedicated rootkit removal tool.


    Cryptominer malware forces a victim’s computer to mine cryptocurrency for the attacker in a practice known as cryptojacking. Many cryptominers use browser hijacking to take over computers.

    icon_11Logic bombs

    Logic bombs are bits of malicious code designed to execute after a specified condition has been met. Time bombs are a subset of logic bombs that lie dormant until a certain time or date.

    Examples of malware attacks

    Many malware attacks happen silently, with victims never realizing the attack happened. Some malware attacks are so dangerous and widespread, they send shockwaves around the world. Here are some of the most notorious malware examples:

    • Vienna virus: The history of malware began in the 1960s with relatively harmless viruses that spread without causing much damage. It wasn’t until the late 1980s that malware turned nasty with the Vienna virus. The Vienna virus corrupted data and destroyed files — and led to the creation of the world’s first antivirus tool.

    • WannaCry: In 2017, WannaCry quickly became the largest ransomware attack in history. It paralyzed governments, hospitals, and universities around the world and caused roughly $4 billion in damage.

    • Petya and NotPetya: These two ransomware strains both arrived in 2017, spreading far and wide — including to Ukraine’s national bank. The Petya and NotPetya malware attacks resulted in around $10 billion in damage worldwide.

    • Equifax data breach: Hackers pulled off one of the most devastating data breaches in history when they managed to crack US credit bureau Equifax in 2017 and access sensitive personal data of 147 million people.

    • COVID-19–related phishing scams: In 2020, many cybercriminals took advantage COVID-19 fears in a series of phishing and malware attacks. From spoofing the World Health Organization to offering fake remote jobs, hackers used phishing attacks to deploy malware and hijack sensitive personal data.

    How does malware spread?

    Malware can spread in a variety of ways: when you download and install an infected program, when you click an infected link or open a malicious email attachment, or even sometimes when you use corrupted physical media like a USB drive.

    Here are some of the most common malware delivery methods to watch out for.

    • Email: If your email has been hacked, malware can force your computer to send emails with infected attachments or links to malicious websites. When a recipient opens the attachment or clicks the link, the malware is installed on their computer, and the cycle repeats.

      Refusing to open attachments from unknown senders is an important part of good email security.

    • Messaging apps: Malware can spread by hijacking messaging clients to send infected attachments or malicious links to a victim’s contacts.

    • Infected ads: Hackers can load malware into ads and seed those ads on popular websites. When you click the infected ad, it downloads malware to your computer. 

    • Pop-up alerts: Scareware uses fake security alerts to trick you into downloading bogus security software, which in some cases can be additional malware.

    • Drive-by downloads: A drive-by download happens when a malicious website automatically downloads malware onto your device. This happens as soon as you load the page — no clicks required. Hackers use DNS hijacking to automatically redirect you to these malicious sites.

    • Personal installation: People sometimes install parental control software on their partner’s computer or phone. When these apps are used without the victim’s consent, they become spyware.

    • Physical media: Hackers can load malware onto USB flash drives and wait for unsuspecting victims to plug them into their computers. This technique is often used in corporate espionage.

    • Exploits: Exploits are bits of code designed to take advantage of a vulnerability, or security weakness, in a piece of software or hardware. A blended threat is a specialized type of exploit package that targets multiple vulnerabilities at once.

      Malware refers to various types of malicious software that can spread in a variety of ways — through ads, emails, exploits, and other vectors.

      Malware can spread in a variety of ways.

    Who creates malware, and why?

    Malware is created by hackers, thieves, blackmailers, scammers, organized crime syndicates, private corporations, and even governments. Typical goals are data theft, file and network damage, and financial gain.

    Early computer viruses were created for fun, with no malicious intent beyond a simple prank. But now “prankster” malware is vastly outnumbered by malware that causes real and severe damage.

    The who and why of malware are closely related, because all malware is created for a specific purpose. Here are several of the most common reasons why people create and use malware.

    Why do people use malware?

    Let’s look at why people use malware to get an idea of who’s creating the malware in the first place, and what purposes it serves.

    • Data theft: Cybercriminals can steal data and either use it to commit identity theft or sell it on the dark web to other cybercriminals.

      Malware-based data theft ranges from redirecting people to pharming websites, to capturing passwords with spyware, to large-scale data breaches.

    • Corporate espionage: Data theft on a corporate scale is known as corporate espionage. Companies can steal secrets from their competitors, and governments often target large corporations as well.

    • Cyberwarfare and international espionage: Governments around the world are frequently accused of using malware against other countries and large corporations. 

    • Sabotage: Sometimes, damage is the goal. Attackers can delete files, wipe records, or shut down entire organizations to cause millions of dollars of damage.

    • Extortion: Ransomware encrypts a victim’s files or device and demands a payment for the decryption key. The purpose is to get the victim — a person, institution, or government — to pay the ransom.

    • Law enforcement: Police and other government authorities can use spyware to monitor suspects and harvest information to use in their investigations.

    • Entrepreneurship: Many potent strains of ransomware are available to anyone as ransomware-as-a-service (RaaS), where the developer licenses their malware in exchange for an up-front fee or a cut of every payment.

    • DDoS attacks: Hackers can use malware to create botnets — linked networks of “zombie computers” under the attacker’s control. The botnet is then used to overload a server in a distributed denial of service (DDoS) attack.

    • Mining cryptocurrency: Cryptominers force a victim’s computer to generate, or mine, bitcoin or other cryptocurrency for the attacker.

    How to prevent malware

    When it comes to malware, prevention is better than a cure. Incorporate the following tips into your digital lifestyle to minimize your malware risk and protect yourself against a potential attack. 

    • Don’t trust strangers online. Strange emails, abrupt alerts, fake profiles, and other scams are the most common methods of delivering malware. If you don’t know exactly what something is, don’t click on it.

    • Double-check your downloads. From pirating sites to official storefronts, malware is often lurking just around the corner. Before downloading, always double-check that the provider is trustworthy.

    • Get an ad blocker. Malvertising — where hackers inject malicious code into otherwise legitimate advertising networks — is on the rise. Counter it by blocking ads with a reliable ad blocker. Some infected ads can download malware as soon as they load on your screen, without needing you to click on them.

      AVG Secure Browser is a free browser that includes many built-in features, including an ad blocker, to protect your privacy and secure your device against malware.

    • Be careful where you browse. Malware can be found anywhere, but it’s most commonly found on websites with poor backend security. If you stick to large, reputable sites, you severely reduce your risk of encountering malware.

    • Always update your software. Outdated software may have security vulnerabilities, and developers routinely patch these with software updates. Always install updates for your operating system (OS) and other software as soon as they become available.

    • Protect your devices with an antivirus app. Even if you follow all of the advice above, your device might still get infected with malware. For optimal protection, combine smart online habits with powerful anti-malware software like AVG AntiVirus FREE, which detects and stops malware before it can infect your PC, Mac, or mobile device.

    What are the signs of a malware infection?

    The world of malware is diverse, but many types of malware share similar warning signs. Monitor your device for the following symptoms of a malware infection:

    • Sudden performance drops: Malware can occupy a lot of your device’s processing power, resulting in severe slowdowns. That’s why removing malware is one way to speed up your PC.

    • Frequent crashes and freezing: Some malware will cause your computer to freeze or crash, while other types will cause crashes by consuming too much RAM or CPU power.

    • Deleted or corrupted files: Damage-oriented malware often deletes or corrupts files as part of its plan to cause as much chaos as possible.

    • Lots of pop-up ads: Adware’s sole job is to spam you with pop-ups. Other types of malware may cause pop-up ads and alerts as well.

    • Browser redirects: If your browser keeps sending you to sites that you aren’t trying to visit, a malware attack may have made changes to your DNS settings.

    • Your contacts report receiving strange messages from you: Some malware spreads by emailing or messaging victims’ contacts. Secure messaging apps can help protect your communications from eavesdroppers.

    • You see a ransom note: Ransomware wants you to know it’s there — it’ll take over your screen with a ransom note demanding payment to get your files back.

    • Unfamiliar apps: Malware can install additional apps on your device. If you see new programs that you didn’t install yourself, it may be the result of a malware attack.

    Certain strains of malware are easier to detect than others. Ransomware and adware are usually visible immediately, while spyware wants to stay hidden. The only surefire way to detect all malware before it infects your PC, Mac, or mobile device is with a dedicated antivirus tool.

    AVG AntiVirus FREE combines the world’s largest threat-detection network with an award-winning cybersecurity engine to scan and remove malware on your device while blocking new malware trying to infect it.

    Other security tools can also protect your privacy and security. A virtual private network (VPN) encrypts your internet connection and hides your IP address to keep you anonymous online. But when it comes to fighting malware, a dedicated antivirus tool is your best bet.

    How to detect malware on PC

    An antivirus scan is the best way to detect malware on your device. Even without antivirus scanning software, you can scan your PC for malware using Windows’ built-in tools. Here’s how to manually detect malware on Windows:

    1. Open your Settings from the Start menu.

      Opening the settings from the Start menu in Windows 10
    2. Click Update & Security.

      Opening the Update & Security settings in Windows 10
    3. Choose Windows Security in the left-side menu and click Open Windows Security.

      Accessing the Windows Security settings in Windows 10
    4. Select Virus & threat protection in the left-side menu and click Quick scan to scan and detect malware on your PC.

      Using the Quick Scan function in Windows 10 to check for malware
    5. Windows Security will scan your PC and show you if it detects any malware.

    How to detect malware on Mac

    You can detect malware on your Mac with the Activity Monitor utility.

    1. Open a Finder window. Click Applications on the left-side menu, and then scroll down and open the Utilities folder. Next, double-click on Activity Monitor to open it.

      Opening the Activity Manager in macOS
    2. Look through the list of active programs for anything you don’t recognize, especially any unfamiliar apps that are using a high amount of CPU or memory. Click CPU and Memory along the top menu to sort by usage.

      The Activity Manager in macOS
    3. If you can’t detect anything malicious this way, try downloading a dedicated Mac malware tool.

    How to remove malware

    Each form of malware has its own way of infecting and damaging computers and data, which means that removal strategies may differ from one type to the next. Here are a few general steps for getting rid of viruses and removing malware from your computer.

    1. Download a malware removal tool from a reliable source.

    2. Run an antivirus scan to detect the malware.

    3. Let the antivirus app identify and remove the malware.

    4. Restart your computer.

    5. Restore any damaged files or programs from a malware-free backup.

    If you suspect you might have malware on your phone, see our guide to removing mobile malware.

    The best way to stay protected or remove an infection is to use top-ranked cybersecurity software like AVG AntiVirus FREE. You’ll enjoy real-time, 24/7 protection against all types of malware. Remove any infections on your device while preventing new malware attacks from reaching you — totally free.

    Does malware affect Macs?

    MacBooks and other Macs have a reputation for being virus-proof, largely due to macOS (formerly known as Mac OS X) not being a very popular malware target. For most of computing history, the majority of people owned Windows PCs, not Apple computers — so that’s where malware creators directed their efforts.

    But this is no longer true, as there is plenty of Mac-specific malware out there. Apple is diligent when it comes to issuing OS updates to patch zero-day security holes, but you should give your MacBook an extra layer of defense with AVG AntiVirus for Mac — a free, world-class cybersecurity app designed specifically for Macs.

    Does malware affect phones?

    PCs aren’t the only devices that get malware: any device that can connect to the internet is at risk, including your mobile phone or tablet. On Android, phishing websites, fake apps, and unofficial app stores are the main distributors of malicious software. 

    Android malware, much like PC malware, can cause all kinds of damage. From Android spyware to Android ransomware to physical theft, there are plenty of threats to your device. Download a free Android antivirus like AVG AntiVirus for Android to make sure your phone is protected against anything and everything malicious online.

    Compared to Android, iOS is a much more malware-resistant operating system. There aren’t any iPhone viruses, but that doesn’t mean iOS is entirely threat-proof either — especially if you’ve jailbroken your phone. AVG Mobile Security for iOS secures your iPhone and iPad against Wi-Fi threats, data leaks, and more.

    History of malware

    Malware has been around just about as long as computers have. Here’s a brief look at significant malware developments over the years — from its origins as a hacking challenge, through the history of viruses, to the cause of worldwide crises.

    • 1971: Robert H. Thomas develops the Creeper worm, the first recorded example of a virus-like malware program. It could move from one system to another while displaying the message, “I’m the Creeper: Catch me if you can.”

    • 1982: Created by a 15-year-old programmer, the Elk Cloner is one of the first self-replicating viruses to infect personal computers.

    • 1986: Brain is the first known example of a virus that can infect IBM computers running MS-DOS.

    • 1999: The Melissa macro virus makes global waves as the first example of malware to spread via email.

    • 2000: Right on the heels of the Melissa virus, the ILOVEYOU worm explodes around the world to infect 50 million computers. Several similar worms and viruses would emerge and run rampant across the globe through the 2000s, culminating in the Stuxnet worm of 2010.

    • 2011: The source code for 2007’s Zeus Trojan (aka Zbot) is released to the public, leading to the creation of one of the most successful botnets of all time.

    • 2013: The Cryptolocker ransomware emerges as one of the early indicators of the impending ransomware boom of the 2010s, which included Cerber (2016) as well as WannaCry, Petya, and NotPetya in 2017.

      2013 also marks the arrival of FakeDefender, one of the first major examples of Android ransomware.

    • 2020: The Emotet Trojan, first seen in 2014, makes a big resurgence by spreading malware that can steal banking credentials.

      The history of malware, including the 1971 Creeper worm, the Stuxnet worm in 2010, and the WanaCry ransomware attack in 2017.The history of malware, from its origins as a hacking challenge to today’s global crises.

    Malware trends

    The past few years in malware have been dominated largely by ransomware, while adware is the preeminent Android threat. Meanwhile, supply chain attacks let hackers breach multiple organizations with a single attack.

    The era of ransomware

    Since its emergence in the 2010s, ransomware has remained one of the world’s most serious malware threats — to the point where ransomware negotiator is now a viable career path.

    While cybersecurity experts tend to agree that negotiating with cybercriminals is a bad idea, businesses targeted by ransomware are desperate to get their files back. The ransom payments and negotiation fees are far smaller than the potential damages they face.

    Ransomware as a service (RaaS)

    The rise of RaaS means that anyone can carry out a ransomware attack, even without any programming knowledge. All you need to do is license the ransomware from its developer, and you’re ready to begin your malware attack. Many RaaS programs come with a botnet that handles the ransomware distribution as well.

    Android adware

    According to a recent study by leading cybersecurity experts Avast, adware represented 45% of all Android threats during the first five months of 2021. Fake apps were next at 16%, with banking Trojans — malicious apps that fool you into installing them before hijacking your financial information — coming in at 10%.

    Supply chain attacks

    Corporations, governments, and other organizations don’t develop all the software they use. Instead, they’ll bring in third-party solutions to manage their internal systems. If a hacker discovers a vulnerability in one of these programs, they can exploit it to access the rest of the target organization’s network.

    Zoom, never more popular than during the COVID-19 pandemic, contains serious vulnerabilities. The recent SolarWinds breach allowed attackers to reach inside many of the company’s clients, including Microsoft and the US government.

    Protect yourself against malware with a world-class antivirus solution

    With so many types of malware out there, it’s harder every day to avoid them all. In addition to following all the malware prevention guidance above, you should partner with a world leader in cybersecurity. AVG AntiVirus FREE is an award-winning anti-malware tool that defends your devices against malware in real time.

    Detect and block all types of malware before they infect your devices, and clear up any infections you may currently have. Plus, get always-on protection against Wi-Fi vulnerabilities and phishing attacks. Start your top-ranked protection today with AVG.

    Protect your Android against threats with AVG AntiVirus

    Free install

    Protect your iPhone against threats with AVG Mobile Security

    Free install