Malware

Malware is any software intentionally designed to disrupt systems, steal data, gain unauthorized access, or damage devices, networks, or digital services.

What is malware?

Malware (short for malicious software) is a broad term that describes any software created with malicious intent. Its purpose can range from data theft and espionage to system disruption, financial fraud, or full infrastructure compromise.

Malware can target:

  • Endpoints (Windows, macOS, Linux)
  • Servers and virtual machines
  • Mobile devices
  • Cloud workloads and SaaS platforms
  • Network equipment and IoT devices

Modern malware is often modular, stealthy, and multi-stage, making detection and remediation increasingly complex.

Why malware matters

Malware is one of the primary tools used by cybercriminals and threat actors to:

  • Establish an initial foothold in an environment
  • Maintain persistence and backdoor access
  • Steal credentials, data, or intellectual property
  • Spy on users or organizations
  • Deploy ransomware or destructive payloads
  • Monetize access through extortion or resale

A single malware infection can escalate into a full-scale breach if not detected early.

Common types of malware

Malware exists in many forms, including:

1) Viruses
   Attach themselves to legitimate files and spread when those files are executed.
2) Worms
   Self-propagate across networks without user interaction.
3) Trojans
   Disguised as legitimate software but execute malicious actions once installed.
4) Ransomware
   Encrypts data or systems and demands payment for recovery.
5) Spyware
   Secretly monitors user activity and collects sensitive information.
6) Adware
   Displays unwanted advertisements, often bundled with other software.
7) Rootkits
   Hide malicious activity by modifying OS-level components.
8) Infostealers
   Extract credentials, browser data, cookies, crypto wallets, and session tokens.
9) Botnet malware
   Turns infected systems into remotely controlled bots used for DDoS or fraud.

How malware is delivered

Attackers commonly distribute malware through:

  • Phishing emails and malicious attachments
  • Compromised or fake software installers
  • Drive-by downloads from malicious or hacked websites
  • Exploited vulnerabilities in unpatched systems
  • Supply chain attacks (tainted updates or libraries)
  • Malicious browser extensions or scripts

In enterprise environments, identity-based malware delivery (OAuth abuse, token theft) is increasingly common.

Malware lifecycle

A typical malware attack follows several stages:

  1. Delivery -- malware reaches the target system
  2. Execution -- payload runs on the device
  3. Foothold -- initial access is established
  4. Persistence -- mechanisms ensure long-term access
  5. Command-and-Control (C2) -- communication with attacker infrastructure
  6. Action on objectives -- data theft, ransomware, sabotage, etc.

Indicators of malware infection

Common warning signs include:

  • Unexpected processes, services, or scheduled tasks
  • Suspicious outbound network connections
  • Performance degradation or system instability
  • Disabled security tools or altered configurations
  • New user accounts or credential misuse
  • Unusual authentication or API activity in cloud environments
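As an added example that is not part of this page: a small Python triage routine that maps constructed endpoint telemetry to the warning signs listed above and correlates them per host, so that individually weak signals (a new scheduled task, a stopped security service, an odd outbound connection, a new account) surface together. The event schema, service names, internal address ranges and host names are assumptions.

```python
import ipaddress
from typing import Dict, List, Set

# Constructed sample telemetry (not from any real system), one event per
# warning sign listed above. Host names and paths are placeholders.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "task_created", "image": r"C:\Users\Public\svc.exe"},
    {"host": "ws-01", "type": "service_state", "service": "WinDefend", "state": "stopped"},
    {"host": "ws-01", "type": "net_connect", "dst_ip": "203.0.113.7", "dst_port": 8443},
    {"host": "ws-01", "type": "user_created", "user": "support2"},
    {"host": "ws-02", "type": "net_connect", "dst_ip": "10.0.5.20", "dst_port": 443},
    {"host": "ws-02", "type": "task_created", "image": r"C:\Program Files\Backup\bk.exe"},
]

# Assumed tuning values; a real deployment derives these from its own baseline.
SECURITY_SERVICES = {"WinDefend", "Sense"}      # AV/EDR services that should stay running
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "/tmp/", "/dev/shm/")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
EXPECTED_PORTS = {80, 443}                      # ports normally used for egress


def indicators_for(event: dict) -> List[str]:
    """Map one telemetry event to the warning signs it matches (often none)."""
    t = event["type"]
    if t == "task_created" and event["image"].lower().startswith(USER_WRITABLE):
        return ["persistence:task_from_user_writable_path"]
    if t == "service_state" and event["service"] in SECURITY_SERVICES:
        if event["state"] != "running":
            return ["defense_evasion:security_tool_disabled"]
    if t == "net_connect":
        dst = ipaddress.ip_address(event["dst_ip"])
        external = not any(dst in net for net in INTERNAL_NETS)
        if external and event["dst_port"] not in EXPECTED_PORTS:
            return ["c2:outbound_to_external_nonstandard_port"]
    if t == "user_created":
        return ["persistence:new_local_account"]
    return []


def triage(events: List[dict]) -> Dict[str, Set[str]]:
    """Collect distinct indicators per host so weak signals can be correlated."""
    per_host: Dict[str, Set[str]] = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(indicators_for(ev))
    return per_host


def hosts_to_escalate(events: List[dict], min_indicators: int = 2) -> List[str]:
    """Hosts showing at least min_indicators distinct warning signs need IR review."""
    return sorted(h for h, s in triage(events).items() if len(s) >= min_indicators)
```

The threshold and rule set are deliberately simple; the point is correlating several of the page's indicators on one host rather than alerting on any single one.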

How to defend against malware

Effective malware defense typically combines:

  • Endpoint Detection and Response (EDR/XDR)
  • Email security and phishing protection
  • Least-privilege access and strong identity controls
  • Regular patching and vulnerability management
  • Application allowlisting and execution control
  • Centralized logging and threat detection (SIEM)

No single control is sufficient; defense in depth is required.

Common misconceptions

  • "Antivirus alone is enough"
  • "Malware only targets Windows systems"
  • "Cloud services are immune to malware"
  • "If ransomware didn't deploy, the incident is minor"

In reality, malware frequently targets identity, cloud APIs, and business logic, not just files.