Malware, short for malicious software, is intrusive and harmful software that has been designed to harm or exploit servers and networks as well as devices such as phones, tablets, laptops, and PCs. Cybercriminals use malware to steal user data, destroy files, and launch denial-of-service (DoS) attacks. The AV-Test Institute registers over 450,000 new malicious programs every single day. If you notice your device slowing down, showing excessive ads, or otherwise behaving unusually, then there’s a chance it has become infected with some form of malware. 

Even once you’ve discovered that malware has compromised your device, significant damage may already be done. This is why it’s important to be fully aware of the different types of malware and to know what actions to take to prevent malware from reaching your device. As malware comes in many forms, it can be incredibly hard to detect, which is why there are over 5 million reported malware attacks every year. Join us as we break down the most common types of malware and explain how to avoid them!  

Laptop with malware
Did you know? As of 2022, AV-ATLAS has detected over 920 million malware and over 210 million PUA (Potentially Unwanted Applications)!

Protect yourself from malware NordVPN* now!

The main types of malware 

If you’re aware of the many forms malware can take, then you have a better chance of defending yourself against attacks. So, take a look at our list of the seven most common types of malware. – 

  • Viruses – As one of the most common forms of malware, viruses lie dormant as they’re attached to files such as email attachments and downloads, only executing an attack once the file has been launched. Viruses will then self-replicate as they steal data, seize applications, and spread across other devices. Most viruses require an action from a user in order to stage an attack and spread to their device. This action is usually in the form of opening a link or downloading an application. Although the terms “virus” and “malware” are often used interchangeably, a virus is actually a specific form of malware, with the first ever PC virus, dubbed as Elk Cloner, being written in 1982 by a student as a joke. 
  • Trojans – A trojan horse (or just trojan) is malware that disguises itself as a legitimate program to trick users into installing it on their device. Trojans appear to be safe and trustworthy, so they’re much harder to detect and prevent compared to other forms of malware. This malware often hides in apps, software patches, and email attachments. Once trojans are installed on a users’ device, hackers can use them to access sensitive information, modify data, spy on user activity, or even gain access to their network. 
  • Adware – Short for “advertising malware”, adware is generally less harmful than other forms of malware and is often one of the easiest to detect. Similar to trojans, adware relies on sneaking on users’ devices by hiding in installable programs. With the purpose to generate revenue for hackers adware will then flood its victims’ devices with pop-up ads or redirect them to advertising websites. Adware is not only incredibly annoying but is also a huge threat to users’ privacy. This malware can collect user data which is then sold to advertisers or used to create a digital profile. 
  • Ransomware – Another highly profitable malware, ransomware, is usually targeted at large organisations rather than individual users. After being mistakenly downloaded through phishing email attachments or website links, ransomware uses encryption to lock a user out of their device. Users will be denied access to their data or system until they pay a ransom, causing businesses downtime and data leaks. Payments demanded by hackers can range from a couple of hundred to hundreds of thousands of Euros and are usually paid through digital currency such as Bitcoin. The presence of ransomware is rapidly rising and climbed an unprecedented 105% in 2021.
  • Spyware – This form of malware discretely runs in a device’s operating system background so it can stealthily spy on users without being detected. Spyware aims to track user activity and gather information such as passwords, financial details, and personally identifiable information (PII). Often hiding in trojans, spyware is very sneaky and hard to detect before it has stolen enough data for hackers to use for identity theft, credit card fraud, and other illegal activities. A popular form of spyware is keyloggers which are designed to monitor your keystrokes to record passwords, credit card numbers, and other sensitive information. 
  • Worms – Computer worms are self-replicating malware programs that don’t require user action in order to spread across devices. Worms will exploit software and security vulnerabilities to spread to a computer where it can modify files, steal data, and install a backdoor that allows hackers to gain complete control of the device. A worm’s main purpose is to spread as much as possible, so it will continuously duplicate on its host device and distribute itself across other devices. The presence of worms can lead to depleted system resources, disrupted networks, and excessive bandwidth consumption. 
  • Bots – Bots, also known as zombie computers, are malware-infected computers that are being remotely controlled by hackers to cause disruptions on a huge scale. A computer that is infected with bots can spread the malware to other devices, creating a botnet. Botnets can be used by hackers to launch mass attacks such as DDoS (distributed denial of service) or brute force attacks to crash entire servers, steal user information, and distribute more malware. Users are usually unaware of their role in a botnet attack as symptoms of a bot infection are similar to other forms of malware as well as general hardware or software issues. 

How to avoid malware

Now you know the main forms of malware, we explain the steps you can take to avoid potential attacks – 

  • Regularly update your device’s software – Malware can hijack your device through security vulnerabilities and outdated systems, so you should always ensure that you regularly update your software (including software tools, browsers, and plugins) to the newest versions. Most operating systems such as Windows and macOS have automatic updates that can be enabled, so your software always stays up to date. It’s also a good idea to back up important data on an external drive so you can avoid potential threats from ransomware attacks. However, you should never attach any removable devices that are unfamiliar or publicly accessible, as USB flash drives can be loaded with malware and left in public places. 
  • Be aware of phishing attempts – Phishing attempts are a type of social engineering attack where cybercriminals are posed as trustworthy sources and send users malicious emails, texts, and instant messages. With phishing attempts, malware is often hiding in email attachments, so you should think twice before clicking on any emails that are sent from unknown users. If you receive an email from a company, rather than clicking on any included links, type the URL of the company directly into your browser and perform any actions through there. Fraudulent emails often don’t address users by name and instead use phrases such as “Dear customer” and usually contain grammatical errors and misspellings. 

Some websites can also be compromised and can infect your device directly if you visit them. Phishing sites are more common than ever and are designed to look like the official version of legitimate websites such as banking and social media sites. To avoid accidentally falling into a phishing site trap, carefully check the URL of the website you’re visiting for any selling mistakes or swapped letters. Additionally, some malicious websites will spam visitors with pop ups and misleading buttons in an attempt to trick them into installing malware. 

  • Learn the signs of a malware infection – If malware has already infected your device, then you need to take action to remove it as fast as possible to minimise damage. To identify a malware infection, you should be looking out for unusual behaviour on your device. This can include repeated error messages popping up, frequent crashes, a quickly depleting battery, or slowed down system performance. As we’ve already mentioned, if you’re suddenly seeing excessive ads and are being redirected to other websites or search engines, then your device likely has adware installed. Infected devices may also refuse to shut down or let you remove certain software. If you discover that you’ve fallen victim to a malware attack, then you can report it to or any other country-specific cybercrime website
  • Use a VPN and antivirus software – VPNs are fantastic security tools that can protect you from malware attacks. A VPN (virtual private network) works by encrypting user data in a secure tunnel that is impossible for hackers to intercept. VPNs also reroute user traffic through remote servers which conceals users’ IP addresses and prevents hackers from accessing networks to inject malware. VPNs can help reduce your chances of falling victim to certain malware attacks, but not all. Malware such as trojans have been designed to work through user actions, and a VPN alone can’t stop you from clicking on a shady link or installing malicious software. 

However, VPNs are still highly valuable tools to have when it comes to avoiding most forms of malware. Many reputable VPNs provide additional security features such as anti-malware software that can help your chance of falling victim to an attack. For example, NordVPN* has an integrated Threat Protection tool that has been designed to protect users from malware and other cyber attacks. Whenever a user downloads a file this tool will automatically scan it for malware and if any is detected, then the file is immediately deleted. Threat Protection also steers users away from dangerous websites by displaying a warning message rather than loading the page’s content.

Finally, this tool has a built-in ad blocker that prevents all ads including pop-ups, autoplay videos, and banners from loading on users’ browsers. Malware-ridden ads are often spammed on compromised websites and can be mistakenly clicked on by users which triggers malware installation or a connection to the attacker’s server. With ad-blocking technology, your exposure to malicious ads is significantly reduced as they are blocked before they even have a chance to load. This can also drastically speed up your page loading times and reduce bandwidth usage. In another article, we explain the best VPNs with built-in ad blockers, all of which can help reduce your device’s risk of becoming infected with malware through malversiting

We highly recommend that you use both a VPN and antivirus software to protect yourself from malware attacks. If you’re not sure which antivirus to choose, then check out our list of the best antivirus software for Windows and macOS. Furthermore, your phone is just as vulnerable as your computer and mobile-targeted malware is becoming increasingly more sophisticated over time. Many VPNs offer apps for Android and iOS devices that include anti-malware features, so we advise you pair this with mobile antivirus software

To conclude 

Our main point is, malware attacks are much more common than you may think and can be extremely harmful to your device. Malware victims can have their identity stolen, data deleted, devices locked, and as a result, can cost them thousands. So, other than being aware of the main types of malware and paying attention to the key signs of a malware infection, you should be regularly updating your software, dodging shady websites, and avoiding unknown links. Aside from this, we recommend that you install a VPN with built-in malware protection alongside reliable antivirus software.