Malware has evolved far beyond the simple computer viruses of the past. Today’s threat landscape is filled with highly specialised malicious software designed to steal data, extort money, spy on users, or even destroy entire systems. Understanding these categories is essential for anyone working in cybersecurity or simply trying to stay safe online.
Adware is one of the most common—and often underestimated—forms of malware. Its primary goal is to bombard users with unwanted advertisements. While some adware is merely irritating, more sophisticated variants can manipulate browser settings, track user behaviour, or open the door to more dangerous infections.
Spyware operates quietly in the background, collecting information without the user’s knowledge. It can track browsing habits, record keystrokes, capture screenshots, or harvest sensitive data such as login credentials. Pegasus is one of the most well-known spyware tools.
Ransomware has become one of the most financially damaging forms of malware. It encrypts files or entire systems, then demands payment—often in cryptocurrency—in exchange for the decryption key. Akira is a modern ransomware variant that targets businesses, schools, and public services.
Unlike ransomware, wipers don’t seek financial gain. Their goal is pure destruction. Once activated, they overwrite or delete files permanently, often crippling organisations beyond recovery.
Command-and-control (C2) malware establishes a communication channel between an infected device and an attacker-controlled server. This allows cybercriminals to issue commands, deploy additional payloads, or coordinate large-scale botnets. Examples include the Agent Tesla Remote Access Trojan (RAT), Emotet, and TrickBot.
Data stealers are designed to exfiltrate valuable information such as documents, credentials, browser cookies, or cryptocurrency wallets. They often operate quickly to avoid detection.
Keyloggers record everything a user types, such as passwords, messages, credit card numbers, and more. They can be standalone malware or part of a larger infection chain.
Cryptomining malware secretly uses a victim’s computing resources to mine cryptocurrency for the attacker. This often results in high CPU usage, overheating, slow performance, and increased electricity costs.
Binary malware consists of compiled executables—programs that run directly on an operating system. These typically appear as:
.exe (Windows Executable)
.dll (Dynamic Link Library)
Because they are compiled from source code, binaries must be executed on a system that is compatible with the operating system and CPU architecture they were compiled for. Attackers commonly deliver them through:
Email attachments (e.g., invoice.pdf.exe)
Malicious downloads from compromised websites
Removable media such as USB drives
Secondary payloads dropped by other malware
To increase the chances of execution, attackers often disguise binaries using misleading icons (e.g., a PDF icon on an .exe file) or by hiding file extensions.
Script-based malware uses scripting languages such as:
JavaScript (.js)
Visual Basic Script (.vbs)
Windows batch (.bat)
PowerShell (.ps1)
Scripts are lightweight, easy to modify, and often used for initial access. A common scenario involves a user opening an office document (e.g. report.docm) that triggers a macro, which then launches a hidden PowerShell script. Because scripts can run directly in memory, they are popular for stealthy attacks that avoid writing files to disk.
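The file types and the disguise described above (binaries such as invoice.pdf.exe, scripts, and macro-enabled documents such as report.docm) can be checked for at a mail gateway or during triage. The following is an added example, not part of the original article: the function names, the DECOY_EXTS list and the sample names other than invoice.pdf.exe and report.docm are assumptions made for illustration.

```python
import re

# Extension groups from the article. DECOY_EXTS is an assumption made for this
# example: harmless-looking types commonly shown to the user as a disguise.
BINARY_EXTS = {"exe", "dll"}
SCRIPT_EXTS = {"js", "vbs", "bat", "ps1"}
MACRO_EXTS = {"docm"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def triage_filename(name):
    """Return (category, findings) for an attachment or download file name."""
    # Win32 path handling drops trailing dots and spaces, so "a.exe. " is a.exe.
    stripped = re.sub(r"[. ]+$", "", name)
    parts = stripped.lower().split(".")
    if len(parts) < 2:
        return "unknown", []
    ext = parts[-1]
    if ext in BINARY_EXTS:
        category = "binary"
    elif ext in SCRIPT_EXTS:
        category = "script"
    elif ext in MACRO_EXTS:
        category = "macro-document"
    else:
        return "other", []
    findings = []
    # Double extension: a document-like extension directly before the real one.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        findings.append(f"decoy extension .{parts[-2]} before .{ext}")
    if stripped != name:
        findings.append("trailing dots or spaces after the real extension")
    return category, findings


def flag_suspicious(names):
    """Keep only the names whose triage produced at least one finding."""
    results = {}
    for name in names:
        category, findings = triage_filename(name)
        if findings:
            results[name] = (category, findings)
    return results


if __name__ == "__main__":
    # Constructed sample names; the first two appear in the article.
    samples = ["invoice.pdf.exe", "report.docm", "setup.exe", "Notes.TXT.VBS. "]
    for name, result in flag_suspicious(samples).items():
        print(repr(name), result)
```

The category alone (binary, script, macro-document) is often enough to quarantine an inbound attachment; the findings list adds the cases where the name was built to look like a document.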