What is malware? How is it commonly delivered?
Malware describes a broad range of malicious applications designed to cause damage to a computer system or network. A type of malware could include viruses and trojan horses (malicious snippets of code hidden within legitimate code), zero-day threats, backdoors (methods for bypassing standard login procedures), keyloggers (code capturing everything a user types, including login credentials), spyware (applications designed to quietly collect a user’s personal information and working habits without their knowledge), man-in-the-middle attacks (an eavesdropping attack where attackers disrupt a data transfer or type of communication) and adware (designed to deliver or replace advertisements with the attacker’s own ads).
Malware can result in a wide range of problems for victim users and enterprises. In some cases, malware may go unnoticed for months or years, quietly stealing information or generating advertisements on users’ web browsers. Malware may lay low until it is called into the service of a botnet. Most of the time, however, malware is an immediate problem that must be dealt with quickly. It can wreak havoc on a user’s PC by destroying or encrypting files and holding them for ransom; flooding the user’s screen with ads or other pop-ups that render the computer unusable; or turning the victim’s machine into a spam-spewing robot that infects the victim’s contacts. Cybercriminals are continually developing new forms of malware designed to evade security defenses, fly under the radar and erase their tracks.
Malware is delivered via a variety of methods, historically via email attachment. (As recently as 2018, PurpleSec reported that email was still responsible for 92% of malware infections.) But malware can also be delivered via infected web pages that trick the user into downloading a malicious app. Malicious text messages may direct a user to a compromised web page, and malicious apps that appear legitimate can infect a victim’s smartphone. Cybercriminals may even call a victim on the phone and trick them into visiting an infected webpage or giving them remote access control over their PC, at which point malware may be introduced to the system.
Malware can infect Microsoft Windows PCs, MacOS computers, smartphones, tablets or any other type of computing device. In short, no device is safe from malware.