25 Common Types of Malware & How To Identify Them
Viruses, worms, ransomware — even the least tech-savvy among us know what these are, and want to avoid them if at all possible. What do they all have in common (besides the fact that they can lock up your devices and attempt to steal your data)? They all fall under the malware umbrella.
What is Malware?
Malware is any software designed to cause harm to a device, system, network, or data. Unlike software bugs, which cause damage by mistake, malware is intentionally created to cause damage.
Malware has existed longer than the modern Internet. The first viruses were written in the 1970s, and a decade later, viruses were spread via floppy disks to personal computers. Since then, the malware family has expanded considerably and can do much more damage, not just to a personal computer but to an entire organization.
Modern cyber threats have evolved dramatically, requiring sophisticated threat intelligence and a comprehensive cybersecurity strategy to combat them effectively. Below are several types of malware and some traits that will help you identify each. Understanding these examples of malware is crucial for developing effective defense strategies against cyberattacks.
Examples of Malware
1. Viruses
A virus is a self-replicating program that usually hides in the code of a host program. When “infecting” a computer, the virus replicates itself and inserts its code into another program.
Viruses are the oldest form of malware, as mentioned above. The theory behind the computer virus was first written about in 1949, and the Creeper Virus was first detected on ARPANET in 1971. Its goal was to display a message: “I’m the creeper, catch me if you can!”
While the first viruses were written as experiments or pranks, they later became malicious and are now used to make a profit, sabotage systems, or expose or exploit security vulnerabilities. Modern Trojan virus variants often target boot sectors and can execute malicious JavaScript code to compromise systems.
Viruses are spread in several ways. They might be sent through phishing scams, downloaded from suspicious websites, or hidden in XML-based files and documents that use a macro language. Modern viruses perform several functions, from creating system failures to keylogging and skimming information.
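The macro-bearing documents mentioned above are a natural place for a defender to add an automated check. The following script is an added example, not code from the original article or from SecurityScorecard. It inspects an Office Open XML attachment for two independent macro signals (a vbaProject.bin part inside the zip container and a macro-enabled content type declared in [Content_Types].xml) and flags files whose extension claims to be macro-free. The sample documents it builds are constructed in memory, and the classifier's labels are this example's own.

```python
import io
import zipfile

# Content types Office assigns to macro-enabled Word, Excel and PowerPoint documents.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
MACRO_FREE_EXTENSIONS = ("docx", "xlsx", "pptx")


def inspect_ooxml(data: bytes) -> dict:
    """Report what an OOXML container reveals about embedded macros.

    Two signals are checked independently so that renaming a part or editing
    the content-types manifest alone does not hide the macro.
    """
    result = {"is_zip": False, "has_vba_part": False, "declares_macro_type": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_zip"] = True
    names = zf.namelist()
    result["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if "[Content_Types].xml" in names:
        manifest = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
        result["declares_macro_type"] = any(t in manifest for t in MACRO_CONTENT_TYPES)
    return result


def classify_attachment(filename: str, data: bytes) -> str:
    """Label an attachment for a mail gateway or triage script (labels are this example's own)."""
    info = inspect_ooxml(data)
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if not info["is_zip"]:
        return "not-ooxml"
    if info["has_vba_part"] or info["declares_macro_type"]:
        # A macro-bearing file named as if it were macro-free deserves a louder flag
        # than an honestly named .docm/.xlsm.
        if ext in MACRO_FREE_EXTENSIONS:
            return "macro-document-with-misleading-extension"
        return "macro-document"
    return "macro-free"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML zip, optionally carrying a VBA part."""
    buf = io.BytesIO()
    main_type = (
        MACRO_CONTENT_TYPES[0]
        if with_macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        "</Types>"
    )
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed placeholder; a real part is an OLE compound file.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("invoice.docx", build_sample(True)),
        ("report.docm", build_sample(True)),
        ("notes.docx", build_sample(False)),
        ("readme.txt", b"plain text"),
    ]
    for name, blob in samples:
        print(name, "->", classify_attachment(name, blob))
```

In a gateway, "macro-document-with-misleading-extension" would be quarantined outright, while "macro-document" can be routed to whatever policy the organization applies to legitimately macro-enabled files.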
2. Worms
Like viruses, worms self-replicate, using networks to spread and duplicate, often without human help. Worms rely on vulnerabilities within computers to spread and access new machines, scanning for new hosts and replicating as they move from device to device.
The infamous Morris worm of 1988 was one of the first major internet worms. It infected approximately 6,000 computers, representing about 10% of all computers connected to the Internet at that time. More recently, the Mirai botnet demonstrated how worms can target IoT devices specifically.
Worms don’t necessarily corrupt data but take up bandwidth and increase network traffic. Most worms are designed only to spread, but some contain malicious code, known as a payload. The WannaCry worm is an example of that; WannaCry was a worm that carried ransomware with it as it exploited the EternalBlue vulnerability in Microsoft Exchange Server and other Windows systems.
3. Trojan Horses
Like the famous ancient Greek wooden horse that looked like a gift of peace, but contained Greek soldiers bent on conquering the city of Troy, a trojan horse is a malicious program pretending to be legitimate software. A user might click on an attachment in a phishing email; when the file is opened, the trojan will install, bringing its payload, which can be a variety of malicious software.
Many trojans create backdoors into a system. Modern trojans often hide in legitimate downloads from GitHub repositories or software distribution platforms, making them particularly dangerous for organizations without proper threat hunting capabilities.
4. Backdoor
A backdoor lets criminals access a system while bypassing normal authentication processes. It’s often used to give bad actors remote access to a device or a network. While many backdoors are covert, some are legitimate and well known; manufacturers may create them to help users access locked systems.
Advanced backdoors now target cloud infrastructure, including Cisco Networking Cloud environments, and can bypass Zero-Trust Network Access controls if not correctly configured.
5. Ransomware
Ransomware is very popular among cybercriminals. Ransomware attacks have been on the rise lately and several high-profile ransomware attacks have occurred in recent years. Notable examples include Petya ransomware, which caused widespread disruption to organizations worldwide.
Ransomware is malware designed to deny the user of a device or system access to their network, hardware, and data until a ransom is paid, usually in cryptocurrency. The attackers typically provide a decryption key only after payment is received, though there’s no guarantee the key will work properly.
This can be damaging for several reasons: ransomware attacks can cause a prolonged lack of productivity, data leaks, theft of sensitive data, and sometimes, the exposure of private information on the public Internet. Modern ransomware often employs artificial intelligence to identify high-value targets and optimize attack strategies.
6. Spyware
Spyware is malware that spies on a victim. It gathers information about a person or organization and sends it back to the attacker. Sometimes spyware installs software or changes the user’s settings on a device. The goal is most often financial; spyware often captures bank and credit card information as well as other valuable data. The good news about spyware is that once you’re aware of it, it’s often easy to remove. It is, in fact, a form of grayware.
7. Grayware
Grayware isn’t exactly malware, but it’s worth mentioning. Grayware is not actively malicious; it’s software that falls in a gray area. It’s unwanted and tends to slow down a computer. While the grayware is often irritating at most, the fact that it can gain access to the computer is a greater concern. If grayware can get onto your computer, your organization has holes in its security that need to be remediated.
8. Adware
Adware is a type of grayware and, as its name suggests, its purpose is to display advertisements on your screen, generating revenue for the owner of the ad. Often better known as popups, adware rides in on a trojan horse and installs itself on your computer or phone. It doesn’t do much harm, but it’s annoying and can slow down your device.
9. Keyloggers
Keystroke loggers, or keyloggers, are malware that covertly monitor and record the keystrokes typed on a specific computer’s keyboard or smartphone. The program then sends the information to its owner, who can view whatever has been typed. Although there are some legitimate uses of keyloggers (tracking technology misuse at work, for example), most keyloggers are used to divulge information like payment details and passwords.
10. Rootkits
Rootkits are software tools that allow attackers to access and control a device, usually without being detected. Once a rootkit has been installed, the attacker can remotely execute files and change system configurations on the host machine. Rootkit installation can be automated, or an attacker can install it with administrator access. This, together with the fact that rootkits use other programs to mask their presence, can make a rootkit difficult to detect and remove.
11. Fileless Malware
Fileless malware is another attack that’s hard to track because it writes no files to disk. Instead, it uses legitimate programs to infect a computer or network, operating entirely in a machine’s RAM. Since it exists only in memory, it leaves no files behind and provides no clear footprint for security teams to trace.
Usually delivered via phishing campaigns, fileless attacks slip around anti-malware software but can be stopped by rebooting a system.
12. Malvertising
Malicious advertising, or malvertising, uses ads to spread malware. It is often placed on legitimate sites. When the ads are clicked on, the user downloads the malware.
13. Bots
When a computer is infected with malware that allows it to be remotely controlled by an attacker, it becomes a bot or zombie. An attacker then uses that computer to launch more cyber attacks.
14. Botnets
Botnets are a collection of bots, frequently controlled by the same attacker. Botnets are often used in distributed denial of service (DDoS) attacks, spreading ransomware, and spreading other types of malware.
15. Hijackware
Hijackware is malware that infects a web browser and takes control of a browser’s settings to redirect the user to websites or advertisements. Also known as browser hijacking, hijackware can change a user’s homepage or install new toolbars.
16. Crimeware
Crimeware is malware designed to automate cybercrime, usually identity theft, although it can also be used to steal money or proprietary information.
17. Mobile Malware
Sometimes mobile apps are not what they seem. Malicious apps can steal user information, attempt to extort users, gain access to corporate networks, force users to view unwanted ads, or install a backdoor on the device. IoT malware targets internet-connected devices, creating massive vulnerabilities in smart home and industrial systems.
18. Social Engineering and Phishing
These aren’t malware, but they should be mentioned because most malware wouldn’t be delivered without social engineering attacks and phishing campaigns. Social engineering is an attack targeting people, often specific people. Phishing occurs when an attacker sends a message that seems legitimate but is the vehicle for malware or induces a user to visit a malicious website.
19. RAM Scrapers
RAM scrapers harvest the data temporarily stored in memory or RAM. This type of malware is often used to attack point-of-sale (POS) systems like cash registers because they can store unencrypted credit card numbers briefly before encrypting them.
20. Web Skimmers
Much like scrapers, web skimmers often target payment information and POS systems. Web skimmers are usually pieces of malicious code inserted into a payment page that skim and store payment information and then send it back to the attacker.
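Because a web skimmer is code inserted into a payment page, one practical detection is to baseline which scripts the page is supposed to carry and alert on anything else. The script below is an added example, not code from the article or from SecurityScorecard. It parses a constructed checkout page, compares external script hosts against an allow-list and inline script bodies against known SHA-256 hashes, and reports whatever is not on the baseline. The hostnames, the page and the allow-list are constructed for the example; in production the baseline would come from the build that produced the page and the HTML from a scheduled fetch of the live checkout URL.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sha256_hex(text: str) -> str:
    """Hash of an inline script body, used as its allow-list key."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class _ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def audit_payment_page(html: str, allowed_hosts: set, allowed_inline_hashes: set) -> list:
    """Return (finding, detail) pairs for every script that is not on the baseline."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).netloc.lower()
        # A relative src has no host and is served first-party; only foreign hosts are checked here.
        if host and host not in allowed_hosts:
            findings.append(("unexpected-external-script", src))
    for body in collector.inline:
        digest = sha256_hex(body)
        if digest not in allowed_inline_hashes:
            findings.append(("unexpected-inline-script", digest))
    return findings


# Constructed baseline: the one inline handler and the one CDN host the page is meant to use.
KNOWN_GOOD_INLINE = "document.getElementById('pay').addEventListener('submit', validate);"
ALLOWED_HOSTS = {"cdn.example-shop.test"}
ALLOWED_INLINE = {sha256_hex(KNOWN_GOOD_INLINE)}

# Constructed checkout page with two additions the baseline does not expect:
# a script from an unknown host and an inline block whose hash is not on the list.
SAMPLE_PAGE = (
    "<html><head>\n"
    '<script src="https://cdn.example-shop.test/checkout.js"></script>\n'
    "<script>" + KNOWN_GOOD_INLINE + "</script>\n"
    '<script src="https://static.unknown-cdn.test/analytics.js"></script>\n'
    "<script>\n// constructed stand-in for an unreviewed inline block\nvar f = document.forms[0];\n</script>\n"
    '</head><body><form id="pay"></form></body></html>'
)

if __name__ == "__main__":
    for kind, detail in audit_payment_page(SAMPLE_PAGE, ALLOWED_HOSTS, ALLOWED_INLINE):
        print(kind, detail)
```

The same allow-list doubles as the source for a Content-Security-Policy header (script-src with host and hash sources), so the browser enforces at page-load time what this script checks after the fact.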
21. Rogue Security Software
Rogue security software is also called scareware. It tricks users into believing a virus exists on their computer and tries to convince them to pay for a fake malware removal tool. That tool, unfortunately, actually installs malware on their computer.
22. SQL Injection Malware
SQL injection attacks involve inserting malicious code into SQL statements, allowing attackers to access, modify, or delete database information. While not traditional malware, SQL injection can deliver malware payloads or extract sensitive data from databases.
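To make concrete what inserting code into an SQL statement means, and how parameterized queries prevent it, here is an added example using Python's standard sqlite3 module; it is not code from the article or from SecurityScorecard. It builds an in-memory table, shows a lookup that concatenates user input into SQL beside the parameterized version, and adds an allow-list for a caller-chosen ORDER BY column, because bound parameters can carry values but not identifiers. The table and user names are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username: str):
    """Defective by design: the input is spliced into the statement text,
    so quote characters in it become part of the SQL grammar."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username: str):
    """Parameterized: the driver binds the value after the statement is
    parsed, so the input can never change the query's structure."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Bound parameters carry values, not identifiers; a column name chosen by
# the caller has to pass an allow-list instead.
SORTABLE_COLUMNS = {"id", "username", "role"}


def list_users_sorted(conn, column: str):
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return conn.execute(f"SELECT username FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # the textbook input that rewrites the WHERE clause
    print("vulnerable, normal input:", lookup_vulnerable(db, "bob"))
    print("vulnerable, crafted input:", lookup_vulnerable(db, tautology))
    print("parameterized, crafted input:", lookup_safe(db, tautology))
    print("sorted by allow-listed column:", list_users_sorted(db, "role"))
```

The vulnerable lookup returns every row for the crafted input because the WHERE clause has become a tautology; the parameterized lookup returns nothing, since no user is literally named that string. The allow-list is the part teams most often forget: an ORDER BY column, a table name or a LIMIT expression cannot be bound, so it must be validated against a fixed set before it reaches the statement.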
23. Cryptojacking
Cryptojacking is a type of attack that steals a victim’s device’s computing power to mine cryptocurrency.
24. Exotics
To thwart security teams, some attackers are using exotic and obscure programming languages to write malware. These languages help the malware circumvent some programs written to detect it.
25. Hybrid Malware
Malware is rarely only one type or another. Today, most malware is a combination of existing malware attacks, often a mix of trojan horses (to get the malware into a system), worms (to help it replicate), and ransomware (so the attacker can profit).
How SecurityScorecard Can Help
The threat landscape is constantly evolving, with new malware examples emerging regularly that target both traditional IT infrastructure and modern cloud environments. SecurityScorecard’s easy-to-read A-F rating scale makes it easier to scan for threats and vulnerabilities that an attacker might exploit.
SecurityScorecard’s ratings provide visibility into ten risk factors, including IP reputation, endpoint security, network security, web application security, DNS health, patching cadence, hacker chatter, leaked credentials, and social engineering. Since we continuously monitor for risks and send actionable alerts, IT departments can respond in real-time to new risks.
Our platform integrates seamlessly with existing security tools and provides comprehensive threat intelligence capabilities to help organizations stay ahead of emerging threats. Whether you’re dealing with traditional malware or sophisticated cyber attacks, SecurityScorecard’s security ratings provide the visibility you need to protect your organization and third-party vendors.
