What is malware?
Malware definition
Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems.
Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.
The motives behind malware vary. Malware can be about making money off you, sabotaging your ability to get work done, making a political statement, or just bragging rights. Although malware cannot damage the physical hardware of systems or network equipment (with one known exception—see the Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.
You know how every year the medical community campaigns for everyone to get a flu shot? That’s because flu outbreaks typically have a season—a time of year when they start spreading and infecting people. In contrast, there are no predictable seasonal infections for PCs, smartphones, tablets, and enterprise networks. For them, it’s always flu season. But instead of suffering chills and body aches, users can fall ill from a kind of machine malady—malware.
How can I tell if I have a malware infection?
Malware can reveal itself with many different aberrant behaviors. Here are a few telltale signs that you have malware on your system:
- Your computer slows down. One of malware’s side effects is to reduce the speed of your operating system (OS), whether you’re navigating the Internet or just using your local applications, and your system’s resource usage appears abnormally high. You might even notice your computer’s fan whirring away at full speed—a good indicator that something is taking up system resources in the background. This tends to happen when your computer has been roped into a botnet, i.e., a network of enslaved computers used to perform DDoS attacks, blast out spam, or mine cryptocurrency.
- Your screen is inundated with annoying ads. Unexpected pop-up ads are a typical sign of a malware infection. They’re especially associated with a form of malware known as adware. What’s more, pop-ups usually come packaged with other hidden malware threats. So if you see something akin to “CONGRATULATIONS, You’ve won a free psychic reading!” in a pop-up, don’t click on it. Whatever free prize the ad promises, it will cost you plenty.
- Your system crashes. This can come as a freeze or a BSOD (Blue Screen of Death); the latter occurs on Windows systems after encountering a fatal error.
- You notice a mysterious loss of disk space. This could be due to a bloated malware squatter hiding in your hard drive, aka bundleware.
- There’s a weird increase in your system’s Internet activity. Take Trojans for example. Once a Trojan lands on a target computer, the next thing it does is reach out to the attacker’s command and control server (C&C) to download a secondary infection, often ransomware. This could explain the spike in Internet activity. The same goes for botnets, spyware, and any other threat that requires back and forth communication with the C&C servers.
- Your browser settings change. If you notice your homepage changed or you have new toolbars, extensions, or plugins installed, then you might have some sort of malware infection. Causes vary, but this usually means you clicked on that “congratulations” pop-up, which downloaded some unwanted software.
- Your antivirus product stops working and you cannot turn it back on, leaving you unprotected against the sneaky malware that disabled it.
- You lose access to your files or your entire computer. This is symptomatic of a ransomware infection. The hackers announce themselves by leaving a ransom note on your desktop or changing your desktop wallpaper itself into a ransom note (see GandCrab). In the note, the perpetrators typically inform you that your data has been encrypted and demand a ransom payment in exchange for decrypting your files.
Even if everything seems to be working just fine on your system, don’t get complacent, because no news isn’t necessarily good news. Powerful malware can hide deep in your computer, evading detection, and going about its dirty business without raising any red flags. While we’ve provided a quick malware spotter’s guide, it really takes the unfaltering eye of a good cybersecurity program to detect malware on your system (more on that later).
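The “weird increase in Internet activity” sign above has a measurable footprint: a Trojan or bot checking in with its C&C server tends to do so on a fixed timer, so one destination shows up at suspiciously regular intervals with near-identical request sizes. The following script is an added example, not part of the original article; the log format, the hostnames and the thresholds are constructed for illustration.

```python
"""Flag command-and-control style beaconing in a simple connection log.

Added illustration for the "weird increase in Internet activity" symptom.
Real sources (firewall, proxy or Zeek logs) carry richer fields; the
four-column format and every hostname below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO timestamp> <source ip> <destination host> <bytes out>".
# Normal browsing is irregular; the made-up host update-srv.example.test is
# contacted every ~60 seconds with ~310 bytes, the pattern a check-in produces.
SAMPLE_LOG = """\
2019-10-01T09:00:00 10.0.0.5 news.example.org 1840
2019-10-01T09:00:04 10.0.0.5 cdn.example.net 52210
2019-10-01T09:00:30 10.0.0.5 update-srv.example.test 310
2019-10-01T09:01:30 10.0.0.5 update-srv.example.test 305
2019-10-01T09:02:29 10.0.0.5 update-srv.example.test 312
this line is deliberately malformed and must be skipped
2019-10-01T09:03:31 10.0.0.5 update-srv.example.test 308
2019-10-01T09:03:40 10.0.0.5 mail.example.org 9100
2019-10-01T09:04:30 10.0.0.5 update-srv.example.test 311
2019-10-01T09:05:30 10.0.0.5 update-srv.example.test 309
2019-10-01T09:06:29 10.0.0.5 update-srv.example.test 314
2019-10-01T09:07:31 10.0.0.5 update-srv.example.test 307
2019-10-01T09:12:00 10.0.0.5 news.example.org 2210
2019-10-01T09:45:12 10.0.0.5 cdn.example.net 48000
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes_out) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue


def find_beacons(text, min_connections=6, max_gap_cv=0.15, max_size_cv=0.2):
    """Return {(src, dst): summary} for pairs whose timing looks like a timer.

    The coefficient of variation (stdev / mean) of the gaps between connections
    is 0 for a perfectly regular beacon and large for human browsing. Request
    size is checked the same way, since check-ins carry little or no payload.
    """
    conns = defaultdict(list)
    for ts, src, dst, size in parse_log(text):
        conns[(src, dst)].append((ts, size))

    suspects = {}
    for pair, events in conns.items():
        if len(events) < min_connections:
            continue  # too few samples to call anything periodic
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [size for _, size in events]
        avg_gap, avg_size = mean(gaps), mean(sizes)
        if avg_gap <= 0 or avg_size <= 0:
            continue
        gap_cv = pstdev(gaps) / avg_gap
        size_cv = pstdev(sizes) / avg_size
        if gap_cv <= max_gap_cv and size_cv <= max_size_cv:
            suspects[pair] = {
                "count": len(events),
                "period_s": round(avg_gap),
                "gap_cv": round(gap_cv, 3),
                "size_cv": round(size_cv, 3),
            }
    return suspects


if __name__ == "__main__":
    # A hit is a lead, not a verdict: legitimate updaters and mail clients also
    # poll on timers, so the destination still has to be looked up and vetted.
    for (src, dst), info in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {info['count']} connections every ~{info['period_s']}s "
              f"(timing jitter {info['gap_cv']}, size jitter {info['size_cv']})")
```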
How do I get malware?
The two most common ways that malware accesses your system are the Internet and email. So basically, anytime you’re connected online, you’re vulnerable.
Malware can penetrate your computer when (deep breath now) you surf through hacked websites, view a legitimate site serving malicious ads, download infected files, install programs or apps from unfamiliar providers, open a malicious email attachment (malspam), or pretty much everything else you download from the web onto a device that lacks a quality anti-malware security application.
Malicious apps can hide in seemingly legitimate applications, especially when they are downloaded from websites or direct links (in an email, text, or chat message) instead of an official app store. Here it’s important to look at the warning messages when installing applications, especially if they seek permission to access your email or other personal information.
Types of malware
Here are the most common offenders in the rogues’ gallery of malware:
- Adware is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Typically, it uses an underhanded method to either disguise itself as legitimate, or piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.
- Spyware is malware that secretly observes the computer user’s activities without permission and reports it to the software’s author.
- A virus is malware that attaches to another program and, when executed—usually inadvertently by the user—replicates itself by modifying other computer programs and infecting them with its own bits of code.
- Worms are a type of malware similar to viruses. Like viruses, worms are self-replicating. The big difference is that worms can spread across systems on their own, whereas viruses need some sort of action from a user in order to initiate the infection.
- A Trojan, or Trojan horse, is one of the most dangerous malware types. It usually represents itself as something useful in order to trick you. Once it’s on your system, the attackers behind the Trojan gain unauthorized access to the affected computer. From there, Trojans can be used to steal financial information or install other forms of malware, often ransomware.
- Ransomware is a form of malware that locks you out of your device and/or encrypts your files, then forces you to pay a ransom to regain access. Ransomware has been called the cybercriminal’s weapon of choice because it demands a quick, profitable payment in hard-to-trace cryptocurrency. The code behind ransomware is easy to obtain through online criminal marketplaces and defending against it is very difficult. While ransomware attacks on individual consumers are down at the moment, attacks on businesses are up 365 percent for 2019. As an example, the Ryuk ransomware specifically targets high-profile organizations that are more likely to pay out large ransoms. For more, check out the Malwarebytes Labs Ransomware Retrospective.
- A rootkit is a form of malware that provides the attacker with administrator privileges on the infected system, also known as “root” access. Typically, it is also designed to stay hidden from the user, other software on the system, and the operating system itself.
- A keylogger is malware that records all the user’s keystrokes on the keyboard, typically storing the gathered information and sending it to the attacker, who is seeking sensitive information like usernames, passwords, or credit card details.
- Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is an increasingly prevalent malware usually installed by a Trojan. It allows someone else to use your computer to mine cryptocurrency like Bitcoin or Monero. So instead of letting you cash in on your own computer’s horsepower, the cryptominers send the collected coins into their own account and not yours. Essentially, a malicious cryptominer is stealing your resources to make money.
- Exploits are a type of malware that takes advantage of bugs and vulnerabilities in a system in order to give the attacker access to your system. While there, the attacker might steal your data or drop some form of malware. A zero-day exploit refers to a software vulnerability for which there is currently no available defense or fix.
What is the history of malware?
Given the variety of malware types and the massive number of variants released into the wild daily, a full history of malware would comprise a list too long to include here. That said, a look at malware trends in recent decades is more manageable. Here are the main trends in malware development.
The 1980s and onward: The theoretical underpinning of “self-reproducing automata” (i.e., viruses) dates back to a lecture delivered in 1949 by 20th century Renaissance man John von Neumann. However, the history of modern viruses begins with a program called Elk Cloner, which started infecting Apple II systems in 1982.
Disseminated by infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system, exploding so virulently that it can be considered the first large-scale computer virus outbreak in history. Note that this was prior to any Windows PC malware. Since then, viruses and worms have become widespread.
The 1990s: Microsoft Windows began its long run as the most popular OS in the world (not to be overtaken till Google’s Android many years later). As the Windows OS and its built-in applications grew in popularity, so too did the number of viruses written for the platform. In particular, malware authors started to write infectious code in the macro language of Microsoft Word. These macro viruses infected documents and templates rather than executable applications, although strictly speaking, the Word document macros are a form of executable code.
2002 to 2007: Instant messaging (IM) worms spread across popular IM networks, including AOL AIM, MSN Messenger, and Yahoo Messenger. Most attacks started with a social engineering ploy. Attackers might send out an IM that reads something like “Who’s with you in this picture?” or “OMG, I think you won the lottery!” along with a link to a malicious download. Once your system was infected, the IM worm would further propagate itself by sending malicious download links to everyone on your contact list.
2005 to 2009: Adware attacks proliferated, presenting unwanted advertisements to computer screens, sometimes in the form of a pop-up or in a window that users could not close. These ads often exploited legitimate software as a means to spread, but around 2008, software publishers began suing adware companies for fraud. The result was millions of dollars in fines. This eventually drove adware companies to shut down. Today’s tech support scams owe much to the adware of yesteryear, employing many of the same tricks as the old adware attacks; e.g., full screen ads that can’t be closed or exited.
2007 to 2009: Malware scammers turned to social networks such as Myspace as a channel for delivering rogue advertisements, links to phishing pages, and malicious applications. After Myspace declined in popularity, Facebook and Twitter became the preferred platforms.
2013: A new form of malware called ransomware launched an attack under the name CryptoLocker, which continued from early September 2013 to late May 2014, targeting computers running Windows. CryptoLocker succeeded in forcing victims to pay about $3 million in total, BBC News reported. Moreover, the ransomware’s success gave rise to an unending series of copycats.
2013 to 2017: Delivered through Trojans, exploits, and malvertising, ransomware became the king of malware, culminating in huge outbreaks in 2017 that affected businesses of all kinds.
2017: Cryptocurrency—and how to mine for it—captured widespread attention, leading to a new malware scam called cryptojacking, or the act of secretly using someone else’s device to surreptitiously mine for cryptocurrency with the victim’s resources.
2018 to 2019: Ransomware made its big comeback. This time, however, cybercriminals shifted their focus from individual consumers to business targets. Riding a wave of GandCrab and Ryuk ransomware infections, attacks on businesses went up 365 percent from 2018 to 2019. As of this writing, there’s no indication the ransomware attacks will slow down.
Do Macs get malware?
Conventional wisdom has sometimes held that Macs and iPads are immune to catching viruses (and don’t need an antivirus). For the most part, that’s true. At the very least, it hasn’t happened in a long time.
Other kinds of malware are a different story. Mac systems are subject to the same vulnerabilities (and subsequent symptoms of infection) as Windows machines and cannot be considered bulletproof. For instance, the Mac’s built-in protection against malware doesn’t block all the adware and spyware bundled with fraudulent application downloads. Trojans and keyloggers are also threats. The first detection of ransomware for Macs occurred in March 2016, when a Trojan-delivered attack affected more than 7,000 Mac users.
In fact, Malwarebytes saw more Mac malware in 2017 than in any previous year. By the end of 2017, the number of new unique threats that our professionals counted on the Mac platform was more than 270 percent higher compared to the number noted in 2016.
Read more about the state of Mac antivirus and anti-malware.
Do mobile devices get malware?
Malware criminals love the mobile market. After all, smartphones are sophisticated, complex handheld computers. They also offer an entrance into a treasure trove of personal information, financial details, and all manner of valuable data for those seeking to make a dishonest dollar.
Unfortunately, this has spawned an exponentially increasing number of malicious attempts to take advantage of smartphone vulnerabilities. From adware, Trojans, spyware, worms, and ransomware, malware can find its way onto your phone in a number of ways. Clicking on a dodgy link or downloading an unreliable app are some obvious culprits, but you can also get infected through emails, texts, and even your Bluetooth connection. Moreover, malware such as worms can spread from one infected phone to another without any interaction from the user.
The fact is, it’s a huge market (read: target). The GSMA, a trade body that represents mobile carriers, puts the number of mobile device users somewhere over 5 billion, worldwide. A quarter of these users own more than one device. Fraudsters find the mobile market very attractive and take advantage of a gigantic economy of scale to leverage their efforts.
Mobile users are often easier to target as well. Most do not protect their phones as diligently as they do their computers, failing to install security software or keep their operating systems up to date. It’s not entirely our fault. Apple, on average, supports their phones—meaning you can download the latest iOS—five years after the launch date. Android phones can be updated for about three years.
Infected mobile devices are a particularly insidious danger compared to a PC. Ironically, the “personal computer” isn’t personal anymore. Phones, conversely, go with us everywhere. As a society we’ve become so attached to our phones that there’s now an actual word for the fear we experience when we don’t have our phones: Nomophobia.
A hacked microphone and camera can record everything you see and say. A hacked GPS can broadcast your every move. Even worse, mobile malware can be used to evade the multi-factor authentication (MFA) many apps use to keep our data secure.
Keep in mind that cheap phones can come with malware pre-installed, which can be difficult to remove (Malwarebytes for Android is a big help here).
Regarding the mobile malware ecosystem, the two most prevalent smartphone operating systems are Google’s Android and Apple’s iOS. Android leads the market with 76 percent of all smartphone sales, followed by iOS with 22 percent of all smartphones sold. No big surprise then that the more popular Android platform attracts more malware than the iPhone. Let’s look at them each separately.
How can I tell if my Android device has malware?
There are a few unmistakable signs your Android phone is infected. You may be infected if you see any of the following.
- A sudden appearance of pop-ups with invasive advertisements. If they appear out of nowhere and send you to sketchy websites, you’ve probably installed something that hides adware within it. It suffices to say—don’t click on these ads.
- A puzzling increase in data usage. Malware chews up your data plan by displaying ads and sending out the purloined information from your phone.
- Bogus charges on your bill. This happens when malicious software makes calls and sends texts to premium numbers.
- Your battery runs down quickly. Malware is a resource burden, gulping down your battery’s juice faster than normal.
- Your contacts receive strange emails and texts from your phone. Mobile malware often spreads from one device to another by means of emails and texts containing malicious links.
- Your phone is hot. A hot phone generally means the processor is being taxed by a lot of resource-intensive activity. Malware? Possibly. The Loapi Trojan can push the processor to the point of overheating the phone, which makes the battery bulge, leaving your phone for dead.
- Apps you didn’t download. Sometimes you download seemingly legitimate apps that have malware buried in the code. This malware, in turn, downloads other malicious apps. It helps to stick to trusted apps from known sources, but even the Google Play store itself has dozens of malicious apps sneak through every year.
- Wi-Fi and Internet connections turn themselves on. This is another way malware propagates, ignoring your preferences and opening up infection channels.
How can I tell if my iPhone or iPad has malware?
Good news, Apple fans. Malware is not a significant issue on the iPhone. That is not to say it doesn’t exist, but it’s extremely rare. In fact, suffering a malware infection on an iPhone mostly happens under three extraordinary circumstances.
“While outright malware infections are unlikely, using an iPhone doesn’t protect you at all against robocalls or text message scams.”
1. A targeted attack by a nation-state-level adversary. In this case, a government has either created or purchased, at a cost of millions of dollars, a piece of malware engineered to take advantage of some obscure security hole in iOS. Don’t be shocked, because all devices have some sort of vulnerability.
To be sure, Apple has done a fine job of securing iOS, even preventing any apps (including security software) from scanning the phone or other apps on the device’s system. This approach, known as the walled garden, is why there are so few examples of iOS malware—creating it is simply too expensive, difficult, and time consuming for most cybercriminals.
One particularly noteworthy instance happened in 2016 when an internationally recognized human rights defender, based in the United Arab Emirates (UAE), received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails. The targeted recipient was invited to click on an included link. He didn’t, but instead sent the message to cybersecurity researchers, who identified it as containing an exploit that would have turned the activist’s phone into a digital spy. The zero-day vulnerabilities used in this attack have since been patched.
2. An attack on a jailbroken iPhone. Jailbreaking an iPhone removes the restrictions and limitations Apple imposes as part of its walled garden approach to software design, mainly to allow the installation of apps from outside Apple’s App Store. Apple carefully vets the app developers it carries, even though malware piggybacking on a legitimate app has happened.
3. An attack on an outdated iPhone. On August 29, 2019 Apple fans’ heads exploded—there was a series of iOS exploits being used to infect normal, non-jailbroken iPhones with malware. The attack started when victims landed on a hacked website.
From there, the malicious websites infected devices with malware using a series of exploits to get root access. Once the infection takes root, attackers are able to see your stored passwords, texts, call history, photos, contacts, notes and recordings. They can even track your GPS location. To this day, it’s unclear which sites served up the infection, but the exploits have been patched and it’s very unlikely you’ll catch this infection. That being said, if you’re using an outdated phone (older than iOS 12.1.4) and you never reset your phone, you could be vulnerable.
One more point about Android and iOS threats. There are two more cyberthreats that affect both iOS and Android users: phishing attacks and scam calls. As it pertains to phishing, if you tap a link in a message from an unknown source or someone you know who’s being spoofed, it could send you to a site faked to look like a legitimate site that asks for your login and other personal information. Bottom line: Always proceed with caution.
Scam calls—the bane of our modern existence—come from numbers you don’t know, sometimes in your own area code, with threatening pre-recorded messages purporting to be from various government agencies. Whoever the caller claims to be, unless it’s from a political candidate, airline, charity, healthcare provider, school, or debt collector—it’s probably illegal.
Who does malware target?
The answer here is: Take your pick. There are billions of consumer-owned devices out there. They’re connected to banks, retail store accounts, and anything else worth stealing. It’s a broad attack surface for adware and spyware, keyloggers, and malvertising—as well as an attractive method for lazy criminals to create and distribute malware to as many targets as possible, with proportionately little effort.
While not currently popular with cybercriminals, cryptominers seem to be equal opportunity about their targets, going after both individuals and businesses. Ransomware, on the other hand, targets businesses, hospitals, municipalities, and retail store systems in disproportionately greater numbers than consumers.
Also, it’s not just consumers that mobile spyware criminals target. If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer through vulnerabilities in mobile devices. Moreover, your corporation’s incident response team may not detect breaches that originate through a mobile device’s use of corporate email.
To repeat, not all of the apps available through Apple’s App Store and Google Play are desirable and the problem is even more acute with third-party app stores. While the app store operators try to prevent malicious apps from penetrating their site, some inevitably slip through. These apps can steal user information, attempt to extort money from users, try to access corporate networks to which the device is connected, and force users to view unwanted ads or engage in other types of unsanitary activity.
How to remove malware
Follow these three easy steps to remove malware from your device.
1. Download and install a good cybersecurity program. As it happens, Malwarebytes has programs for every platform we’ve discussed in this article: Windows, Mac, Android, and Chromebook.
2. Run a scan using your new program. Even if you don’t opt for Malwarebytes Premium, the free version of Malwarebytes is still great at removing malware. The free version, however, does not proactively stop threats from getting on your system in the first place.
3. Change all your passwords. Now that you know you’re not being snooped on by some form of malware, you need to reset your passwords—not only for your PC or mobile device, but also your email, your social media accounts, your favorite shopping sites, and your online banking and billing centers.
This may sound paranoid, but with spyware, banking Trojans and the like, you just don’t know for sure what data was captured before you stopped the infection. As always, use some form of multi-factor authentication (at least two-factor) and don’t think you need to memorize all your passwords. Use a password manager instead.
- If your iPhone or iPad is infected with malware (as improbable as that may be), things are a little trickier. Apple does not permit scans of either the device’s system or other files, though Malwarebytes for iOS, for example, will screen and block scam calls and texts. Your only option is to wipe your phone with a factory reset, then restore it from your backup in iCloud or iTunes. If you didn’t back up your phone, then you’re starting over from scratch.
How to protect against malware
In no particular order, here are our tips on protecting against malware.
1. Pay attention to the domain and be wary if the site isn’t on a familiar top-level domain, e.g., com, mil, net, org, edu, or biz, to name a few.
2. Use strong passwords with multi-factor authentication. A password manager can be a big help here.
3. Avoid clicking on pop-up ads while browsing the Internet.
4. Avoid opening email attachments from unknown senders.
5. Do not click on strange, unverified links in emails, texts, and social media messages.
6. Don’t download software from untrustworthy websites or peer-to-peer file transfer networks.
7. Stick to official apps from Google Play and Apple’s App Store on Android, OSX, and iOS (and don’t jailbreak your phone). PC users should check the ratings and reviews before installing any software.
8. Make sure your operating system, browsers, and plugins are patched and up to date.
9. Delete any programs you don’t use anymore.
10. Back up your data regularly. If your files become damaged, encrypted, or otherwise inaccessible, you’ll be covered.
11. Download and install a cybersecurity program that actively scans and blocks threats from getting on your device. Malwarebytes, for example, offers proactive cybersecurity programs for Windows, Mac, Android, and Chromebook. Plus, our latest offering, Malwarebytes Browser Guard. It’s free and it’s the only browser extension that can stop tech support scams along with any other unsafe and unwanted content that comes at you through your browser.