
Different types of malware and what they do

Nowadays, there are a wide variety of exploits that could infect your computer or mobile devices. Each exploit is different and carries out a specific task for its operator. In this guide, we will analyze those diverse malware categories and explain what they do.


Hackers use malware to gain a foothold on machines via the internet. At other times, malware and viruses may be transmitted via USB-connected hardware. Some malware self-propagates to extend its reach to new victims, while other types remain concealed and dormant on your machine to steal data or use your processing power as part of a botnet used to carry out spamming or DDoS attacks.

With so many different types of malware circulating in the wild, it is a good idea to educate yourself about the nature of those exploits, how they propagate, and how to avoid or deal with them if you are infected.

Types of malware

In this section, we will list the seven most common types of malware. For each variety, we will analyze common attack vectors to give you an idea of how you could become infected. Finally, we will provide tips and tricks for avoiding infection with malware.


A computer virus is one of the most well-known but misunderstood exploits circulating in the wild. The general public and the media are guilty of using the word 'virus' to describe an array of malware exploits. The reality, however, is that they are a specific type of infection with a specific task, and they are actually fairly uncommon nowadays – accounting for around 10% of infections.

A virus is a program that infects your computer to alter code, leading to corrupted programs. It works by replicating itself and injecting unwanted code into your existing software and files. Although a virus is always initially released by a threat actor, once it is in the wild it will propagate and spread from program to program, file to file, and machine to machine in a completely independent manner.

Although not all viruses are malicious, the vast majority are there to destroy data on the machines they infect. As such, they are a chaotic and damaging type of exploit. Because viruses embed themselves within software and files, the route to infection is broad. External hard drives, USB peripherals, email attachments, and downloads can all cause infection. And you can be infected via a network, a disk, and file sharing methods too. 

Some viruses cause damage as soon as they infect your device, while others lie dormant until a later date – when a specified event causes them to execute their destructive code suddenly – to corrupt files, and bring the machine to a standstill.

Viruses can also be extremely sneaky. Some can attach themselves to programs and files without increasing their size, which makes them hard to detect. Others ensure that the 'last modified' date remains the same, even after they alter the file or folder.
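A content hash still changes when a file is altered, even if its size and 'last modified' date do not. The following is an added example, not part of the original article, of an integrity baseline that catches such a change; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record size, modification time and SHA-256 digest of one file."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    st = os.stat(path)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def build_baseline(root):
    """Snapshot every file under root, keyed by path relative to root."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            baseline[os.path.relpath(full, root)] = snapshot(full)
    return baseline

def verify(root, baseline):
    """Return {path: [what changed]} for altered, new or missing files."""
    current = build_baseline(root)
    report = {}
    for rel in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(rel), current.get(rel)
        if old is None or new is None:
            report[rel] = ["new" if old is None else "missing"]
        else:
            changed = sorted(k for k in old if old[k] != new[k])
            if changed:
                report[rel] = changed
    return report

def demo():
    # Constructed sample files; harmless bytes stand in for a program and a document.
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "app.bin")
        with open(target, "wb") as fh:
            fh.write(b"ORIGINAL-CODE" + b"\x00" * 19)
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"untouched\n")
        baseline = build_baseline(root)
        # Stand-in for the tampering described above: same length, timestamp put back.
        with open(target, "r+b") as fh:
            fh.seek(13)
            fh.write(b"MODIFIED")
        stamp = baseline["app.bin"]["mtime_ns"]
        os.utime(target, ns=(stamp, stamp))
        return verify(root, baseline)
```

A check that compared only size and date would report both files as unchanged; the baseline must be stored somewhere the infected machine cannot rewrite it.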


A worm is a self-replicating malware type that exploits vulnerabilities in operating systems. It is designed to spread and may or may not contain a payload designed to perform malicious tasks for its owner. Unlike a virus, a worm is completely standalone software that does not require a host to spread across networks.


Another difference from viruses is that a worm does not alter files to spread and execute attacks. Instead, it resides in memory, where it replicates, spreads, and delivers its payload. The nature of a worm allows it to scan for connected machines to spread to, making use of security failures to infect more and more hosts extremely rapidly.

Worms don't always cause direct harm. However, they will incur costs through the consumption of bandwidth and other system resources. As a result, even worms without a payload can cause havoc by increasing network traffic and causing congestion, making the network or machine slow, and potentially halting tasks altogether.

Because worms are not limited by host programs and can instead take advantage of Operating System (OS) functions, they can carry out a wider variety of attacks. This can include payloads that delete files, encrypt files to engage in ransom (Ransomware), or steal valuable information such as personal details, intellectual property, passwords, or financial data.

Infection with a worm can occur via email attachments, downloads, file sharing methods, malicious links to infected websites, and direct navigation to malicious websites. It can also happen via direct contact with an already infected network or system. 


Trojans, particularly Remote Access Trojans (RATs), are one of the most dangerous malware types currently in circulation. A Trojan provides the attacker with root access to a device, allowing the hacker to use all of its functions and access all of its assets.

A RAT remains concealed on the infected device by pretending to be a legitimate program. Once installed on a victim's device, it communicates with a Command and Control (CnC) server controlled by the hacker. This gives the attacker the ability to steal data, use device functions, and to deliver additional payloads such as spyware. 


People usually become infected with a Trojan by accidentally installing the malicious version of an app. The easiest route to infection is by downloading apps from third party app stores or untrusted sources. However, people may also become infected via malicious email attachments and links to infected websites.

iOS users are unlikely to become infected with a Trojan unless they jailbreak the device. This undoes the sandbox security environment in the iOS operating system, which ensures apps are segregated and cannot communicate with each other.

Once a device is infected with a Trojan, the attacker can begin accessing all the data on it, including the photos, videos, text files, apps, downloads, passwords, and anything else stored on the device.

In addition, the hacker can begin using any of its assets, including turning on the camera, listening to the microphone, making calls, and reading emails and texts. The attacker may also install secondary exploits such as keystroke loggers and spyware designed to track the user's location.

Trojans can also be designed to move laterally across a network, allowing them to infect more machines while also avoiding detection. One of the big problems with Trojans is that they are available on deep web marketplaces for sale, and they are being sold and developed en masse. This makes it hard for antivirus vendors to keep up with all the signatures. As a result, it is vital that internet users actively avoid becoming infected by engaging in optimal operations security (OpSec).


Ransomware is a type of malware that has risen in prominence enormously in recent years. It is regularly used by cybercriminals to target businesses, universities, hospitals, and also individual consumers.


In a ransomware infection, the attacker uses robust encryption to lock the victim out of their network or device. As a result, the victim can no longer access any of their important data, and may not be able to use their system to engage in work.

After locking the owner out of their device, the hacker will demand a ransom, usually payable in the cryptocurrency Bitcoin. After receiving the payment, the hacker will typically remove the ransomware and restore access to the system.

The danger of paying a ransom is that you can never know for certain that the hacker will not ask for even more money, or that they haven't made copies of the stolen data in order to sell it or leak it online at a later date. As a result, a ransomware attack may cause privacy breaches or compliance repercussions under privacy and security legislation.

Ransomware is usually spread via social engineering, meaning that the hacker successfully tricks the victim into accepting the infection, either via phishing emails, SMS messages, social media messages, or using malicious websites, website clones, and infected app downloads. File sharing methods, such as torrenting, may also cause the victim to become infected. 

Preventing exposure to ransomware involves both good OpSec and an awareness of social engineering methods and phishing. In addition, it is important to have a reliable cloud backup system in place to ensure that data is stored in a secondary location and can be recovered in the event of an attack.


Spyware is a prevalent malware type used to snoop on the device of the user it infects. People often use it to snoop on the devices of loved ones, or to engage in espionage on work colleagues. It is often also surreptitiously concealed within legitimate free computer programs to allow the application's developer to harvest user data in order to create a revenue stream.

A study by CSIRO, for example, revealed that a large proportion of free VPNs contain spyware and tracking libraries. This is why we always warn against using free VPNs, and highly recommend that users pay for a secure no logs provider to ensure that their privacy is not being breached.


Spyware can allow the attacker to log keystrokes, read emails, track the victim's GPS location, and access other personal information for the purposes of engaging in snooping.

People usually become infected with spyware via social engineering methods that trick them into accepting the infection. However, individuals may also become infected by somebody with direct access to the machine. The only upside to a Spyware infection is that it can usually be remedied with great ease simply by removing the offending program. Check out our free anti-spyware article for a list of free services that will help you prevent your devices from being infected. 


Adware is designed to force adverts onto the victim causing their browser experience to get sluggish, and causing them to be inundated with adverts on the web pages they visit and potentially within the apps they use. Adware often serves specific adverts that when viewed create a revenue stream for the attacker. 

Adware can become more dangerous when it redirects victims to cloned versions of pages that contain malicious adverts. These adverts can be an attack vector for social engineering attacks, including things like tech support scams that cause the user to become infected with malware or to provide remote access to their computer to hackers.

Adware that redirects a victim to malicious or cloned websites can also potentially result in drive-by malware infections or exposure to scam adverts designed to phish the user of their payment details. 


Malvertising is an attack vector that delivers malware to victims via legitimate ads or ad networks. Cybercriminals engage in this type of attack by paying for ad space on a legitimate website.


Those ads forward users to malicious websites that contain malware or that cause payment information to be stolen if the user makes a purchase. Cybercriminals have even been known to compromise entire ad networks, resulting in malicious adverts being served on multiple high-level websites including Amazon, Google, and the New York Times.

Instagram is particularly concerning when it comes to malvertising posts on user feeds, and there is also a prevalence of malvertising posts on Facebook, where you will usually see hundreds of people warning you away in the comments below.

How to prevent malware infections

Below, we will provide important tips for avoiding malware infection.

Use a reliable antivirus program

Leading antivirus programs are designed to constantly scan incoming files to ensure you do not accidentally download malware. In addition, they regularly scan the contents of your computer or mobile device to identify and remove exploits.

The very best antivirus programs can protect against all forms of malware, and will automatically update their library of threat definitions regularly, to ensure you are always protected against newly discovered exploits.

If you are not using an antivirus program with real-time protection, you are vastly increasing your chances of becoming infected with malware, which is foolish because there are free antivirus programs available on the market. 

Check out our recommended best antiviruses to find a reliable antivirus program that will keep your computer or mobile device safe. 

Turn on your Firewall

A firewall provides rules that ensure that your computer is safe against cyberattacks. It provides network security by monitoring and managing all incoming packets, and this ensures that your computer is not receiving unwanted packets from untrusted sources that you are not deliberately communicating with. A firewall achieves this by setting up an invisible barrier between your device and the network you are connected to (usually the internet). 

The very best firewalls scan not just incoming but also outgoing packets for signs of unwanted behavior. This allows those firewalls to identify traffic from unwanted programs such as RATs. As a result, the firewall can block the malware from communicating with a CnC server to steal data or cause infection with secondary payloads.

Avoid malicious websites

The best antivirus programs include protection against malicious websites, using libraries of known malicious sites to block webpages that contain malware or other known exploits. This allows the antivirus to block pages in real time by issuing the user with a warning that they are about to enter a dangerous website.

Besides this layer of protection, it is vital that you are always extremely careful when surfing the web. Carefully consider the URL of the websites you find via search engines, including by checking that the site is HTTPS and has the lock symbol. In addition, check that a site is legitimate by using online tools such as Trustpilot.

Unless you are certain that a website is safe, never enter any personal information. This could result in your data being stolen for the purposes of identity theft and fraud. 

Be careful when opening emails and messages

Social engineering attacks and phishing are the most common route to infection nowadays. As such, it's vital that you are extremely careful when opening emails, SMS messages, and direct messages on social media.

Always consider incoming communications carefully, and if they leverage your emotions against you, then proceed with extreme caution. Social engineering uses excitement, desire, and fear to make you act on impulse, coercing you into following links or providing information about yourself.

When you receive any incoming messages that are unsolicited, be careful not to follow any links contained within the messages, even if they are for a service you genuinely use. Instead, head over to the website or service directly in your browser to ensure it does not redirect you to a cloned or malicious website.
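The URL checks described in this section can be partly automated. The following is an added example, not part of the original article, that tests whether a link really belongs to the service it claims to come from; the function names and sample links are constructed, using reserved example and test domains.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return warnings for a link that claims to belong to expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # Text before '@' is a username, not the site: the real host comes after it.
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    # 'xn--' labels are encoded non-ASCII names, which can imitate familiar ones.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")
    # Only the exact domain or a true subdomain of it counts as a match.
    if host != expected and not host.endswith("." + expected):
        warnings.append("host-mismatch")
    return warnings

# Constructed sample links using reserved example/test names.
SAMPLES = [
    "https://www.example.com/account",
    "http://example.com/login",
    "https://example.com.account-check.test/login",
    "https://example.com@account-check.test/login",
]

def audit(samples=SAMPLES, expected_domain="example.com"):
    """Map each sample link to its list of warnings."""
    return {url: check_link(url, expected_domain) for url in samples}
```

The third and fourth samples are served over HTTPS yet still fail the host check, which is why the lock symbol alone does not show that a site is the one you intended to visit.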

For information on how to get rid of malware follow the link to our guide.

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

