Skip to Main Content

What is malware and how does it work?

Cybercriminals use it to extract personal data, corrupt files, or even take over your entire device or identity: Welcome to the murky world of malware, the malicious software, file, or code that’s designed to disrupt and damage. Join us in exploring the many ways it can disguise itself and how it works, plus how you could unwittingly be spreading it. Above all, make sure you have trusted online protection in place. Avira Free Security is more than “just” antivirus software—it helps protect you from weak passwords and outdated software too.  


What is malware and why does it exist? 

Every day, we navigate a digital world that’s teeming with malware. This malicious software is specifically designed to carry out cyberattacks such as data theft or device tampering. What harm can it do exactly and what are the types of online threats that you’re most likely to encounter? Above all, how can you help protect your data, identity, and devices from an insidious digital opponent that can lurk everywhere and be a master of disguise? That’s why we created this detailed guide: You’ll find your malware questions answered so you can arm yourself with the latest information and learn how to stay safer online.   

Who creates malware and what could they stand to gain from spreading a cyber-plague? Boredom? An evil sense of humor? Both would probably help, but like most things in life, financial gain is usually the ultimate reward. Since the rise of widespread broadband Internet access, malicious software has offered scammers, blackmailers, and other cybercriminals the opportunity to engage with a huge global target market that would otherwise be beyond their reach. They use malware attacks to try and take control of company and user devices or steal sensitive information, such as credit card data, personal information, or login credentials. They can then sell these on the dark web or use them for their own fraudulent activities, like making purchases in the victim’s name or blackmailing an organization by threatening to leak customer data to damage its reputation. Think of your device as an enticing digital doorway into your virtual “home”. Your personal data is new-age loot.  

How does malware infect computer systems?  

Malicious software accesses your computer via the internet and email, and anytime you’re online, you could be vulnerable. Malware developers know that to be successful, their software must be as inconspicuous as possible—so their creations are sneaky and deploy different methods to tiptoe onto your computer or mobile device. Your first line of defense: Trust no-one—and definitely not an unknown sender! Remember that even a best friend or spouse can accidentally send infected files.  

Here are common ways that users can infect their devices with online threats: Surfing on hacked websites, clicking on a malicious ad, downloading infected files, installing programs or apps from unofficial sources, and opening a malicious email attachment. It’s so tempting to click on a link in an email or text, but who knows where you’ll be directed to and what’s waiting when you land… And always take a careful look at messages that appear when you’re installing an application. Are they requesting permission to access your email or other personal information, and do they really need this to function? Never give away more than is strictly necessary.   

A good rule of thumb is to be especially wary of free downloads, like illegal copies of movies, TV shows, games, and other content available on file-sharing sites. Viruses and other online threats can also lurk on removable storage like external hard drives or thumb drives and secretly load themselves onto your device’s internal storage. Unfamiliar USB drive? Plug it in at your peril.  

Meet the common types of malware—and some newer surprises 

Once the malware has been installed, it infects your device and begins working as an evil servant for its hacker overlord. There are many types of online threats, and all differ in how they multiply and the damage they cause.  

  • Spyware: Like the undercover agents we see in movies, spyware secretly collects information about your device or network—and keyloggers even capture what you type, including login credentials and credit card numbers. They can then use this data to steal your identity. 
  • Ransomware: This is the digital equivalent of a kidnapper’s ransom note and your data is usually the victim. Ransomware locks down your files or entire computer system until the ransom is paid to the hacker. Popular targets are usually companies or individuals that store critical information.   
  • Rootkits: These undercover operators provide continuous and privileged access to the computer they infect, and you won’t know they’re there. “Root” refers to the administrator account on Unix and Linux systems, and “kit” is the software that implements the malware. Once a rootkit has been installed, its operator can remotely execute files and change system configurations on the host computer. 
  • Worms: Not to be confused with the useful garden variety, these online nasties wriggle their way onto a device, replicate themselves and then spread to other machines. Some worms deliver more malware too, while others are designed to cause no real harm, but are a nuisance when they clog up bandwidth. 
  • Trojans: Remember the legendary tale of the Greeks who were misled by a wooden horse that contained enemy soldiers? Similarly, today’s Trojans disguise themselves as legitimate software and once they’re safely in your machine, they unleash malware. Many people think of Trojans as viruses, but they’re door-openers for other malicious programs, that can include viruses. Find out more about the infamous Xworm Remote Access Trojan (RAT) here 
  • Adware: This annoying software bombards an infected device with unwanted online adverts in an attempt to create revenue for the malware developer and collect personal data about the victim in the process. Beware of free games and browser toolbars as these may harbor adware! Remember: You rarely get something for nothing.  
  • Botnets: This isn’t malicious software but an army of computers or computer code that executes malware attacks. The individual virtual “soldiers” are called bots, and they receive commands from their controller. Connected infected computers form a network called a “botnet” which can be used to carry out Distributed Denial-of-Service (DDoS) attacks, steal data, and send spam.  
  • Cryptojacking (cryptomining): Bitcoin hasn’t escaped the attention of cybercriminals either. Cryptojacking software hides on a computer or mobile device and secretly “mines” cryptocurrencies (a type of online currency). This cyber-nasty is released if you click on an infected link in an email or text, but drive-by attacks can also occur via web pages laced with hidden JavaScript codes.  
  • Scareware: This software attempts to scare or threaten you, usually by tricking you into believing that something dreadful will happen if you don’t act fast. Often a pop-up window will open, and aggressively tells you to “click here” to resolve a serious security issue on your computer. Comply, and you’ll download malware or be redirected to a fake website. 
  • Mobile malware: As the name implies, smart phones and tablets are the target here so always remember to give your mobile devices the same trusted online protection you would your desktop! This type of attack is becoming more pervasive due to the huge rise in mobile technology usage—and employees commonly use their phones to access corporate networks. Antivirus Security for Android and Avira Mobile Security for iOS blend security, privacy, and performance tools in a single free app—so you’ll do more than help shield your precious data and device from millions of mobile online threads.  


Whatever anti-threat protection you opt for, it’s vital to scan for malware and reputable online security programs will do this regularly.  

Malware in action: See this Trojan get to work! 

Here’s an example of a cunning malware attack scenario. Let’s call our hapless victim Sam. He receives an email and opens the attached .zip file to reveal an Excel file (no, Sam!). This triggers an installation process that displays a pop-up warning of a suspicious root certificate from the “COMODO Certification Authority”.  

A pop-up window with the following message: “You are about to install a certificate from a certification authority (CA) claiming to represent COMODO…”. The user is invited to install or reject the certificate by clicking on “Yes” or “No”.

Sam thinks that sounds fine because he’s heard of Comodo, a well-known and trusted digital certification agency that provides authentication solutions for communications online. What Sam doesn’t know is that the certificate wasn’t issued by Comodo at all but is a fraudulent copy that’s been self-signed by its creator. Had Sam clicked his way through the tabs in this “certificate” he may have noticed that the email address listed there is me@myhost.mydomain.***.  

If Sam chooses to click on “Yes”, the malware will be downloaded. If it’s blocked by antivirus software or simply fails to auto-download, the attacker has kindly provided a “readme.txt” with instructions on how to proceed. This cunningly gives cybercriminals a second chance to successfully install their program. Sam is advised to open the unzipped file and turn off antivirus/firewalls and any other programs that block files from the internet (or at the very least add this file to the exceptions list and force-run it). These instructions provide a helpful snapshot of what every computer user should never do! Sadly, Sam runs the file and downloads a malicious file to three locations on his computer, including the Startup folder. Now the software is executed every time the PC boots up.  

The malware was revealed by Avira Protection Labs to be TR/, a Trojan designed to steal banking information. Avira provides real-time data on the current threat landscape and global online threat trends so it’s helpful to drop by if you want to stay abreast of the latest malware.  

In the dark about malware? Meet the strain that has electrifying results 

As you’ll have learnt by now, malware can encrypt devices, spy on you, steal your data…but did you know that it once plunged an entire city into darkness? Crash Override (also called Industroyer) first appeared in December 2016 and cut off the electricity supply to an estimated 700.000 households in Kiev, Ukraine. The adaptability of this malware means that it can pose a threat to power grids and other public services across the globe—and, alarmingly, experts believe the Kiev attack may just have been a proof of concept.  

It’s the first time that utilities have been the target of a fully automated attack, which allowed hackers to send commands directly to grid equipment. Researchers, as well as the United States government, eventually pointed an accusatory finger at Russia, but the origin of the Industroyer attacks has never been proven.  

Android users beware: Your beloved phone could be a soft target 

Cybercriminals want to spread their wares as widely as possibly, and love a medium with a vast user base, like Android. Unlike iOS, Android operates across a broad range of devices and the operating system is highly customizable, making it more likely to fall prey to online threats. While Apple strictly controls app distribution, Android allows users to download apps from third-party app stores which may (or may not!) have rigorous security controls in place. While every smartphone is potentially susceptible to online threats, it’s no surprise that so many organized cybercrime gangs choose Android targets. For example, in late December 2023, a new Android Trojan, Xamalicious, celebrated its own Christmas in the Google Play Store where it posed as a series of innocent apps related to health, games, and horoscopes. When downloaded, users unwrapped a “gift” of malware that bypassed their phone’s accessibility features and took control of the device, scanning for private data it could use to hack online accounts. Google has since removed the apps.  

If you use an Android phone, you’ll need to exercise extra caution and self-discipline online. Avoid suspicious emails and websites, regularly check your online accounts and transactions for unknown activity, and research any mobile apps you want to download. It also goes without saying that a reputable antivirus like Antivirus Security for Android is essential.  


How can you detect if a device is infected with malware? 

Malware needs to stay hidden to complete its mission. This can make it tricky to spot but there are tell-tale signs! Sadly, by the time you notice any changes, the damage has usually been done. It’s important to stay vigilant and look out for the symptoms below—at the very least, you’ll shorten the attack and help prevent further harm. 

Do you find yourself thinking (silently screaming) any of the following? 

  • “Why is my computer…so…slow?” One minute you’re whizzing along the internet’s cyber-highways and happily clicking through multiple windows, and then your machine starts feeling sluggish and its system resource usage is unusually high. The fan might also be whirring at high speeds. These could all be signs that your machine has been recruited into an army of botnets and is now churning out spam or mining bitcoin. Malware could also be corrupting your data and programs or trying to take command of your system and creating conflicts. Malicious software can also cause high disk usage by causing system errors or creating unnecessary processes that run in the background. 
  • “Oh no. My screen is suddenly clogged with pop-up ads.” “Congratulations! You’ve won a holiday to the Bahamas!”. “Claim your free cash prize now!”. If that sounds familiar, you’re most likely the recipient of an adware infection and not a great gift. Never be tempted to click on an ad or you could open the door to further malware.  
  • “There’s a spike in internet activity that wasn’t me”. Many online threats, like spyware and Trojans, require communication between your computer and the hacker’s command and control server. This can drive up your internet usage. 
  • “Why am I staring at the BSOD (Blue Screen of Death)?”. The blue screen of doom occurs on Windows computers, as well as Android and iOS devices if they experience a fatal error and become unresponsive. Mac users may see a multicolored pinwheel. When online threats consume too many resources or disrupt processes, your machine’s performance will suffer, and may even collapse entirely.  
  • “Where has my disk space gone?”. You may notice that a chunk of disk space has mysteriously disappeared. Malware lurking on your hard drive will take up space and sometimes also create duplicate or large, unnecessary files.  
  • “Have my browser settings changed?”. Suddenly your home screen seems to have a brand-new look and even a fresh toolbar with different extensions and plugins. You may even find yourself with another default search engine! Redirect viruses (often contained in those prize-winning popups we mentioned earlier) can cause these changes and add malicious apps and extensions. The virus then controls internet traffic and steers your browser to promotional or scam pages.  
  • “My antivirus has stopped working!”. Some online nasties disable your anti-threat protection, opening the door to other malicious threats. 
  • “I can’t open any files!”. You may also be denied access to your entire computer. This is symptomatic of a ransomware infection so look out for a ransom note. Hackers typically post these to your desktop and can even turn your desktop wallpaper into a decorative threat. You’ll usually be informed that your data has been encrypted and will only be released if you meet certain demands (like making a bitcoin payment).   

Help, I have malware! What to do next 

If your machine is acting strangely, and you’re convinced malicious software is to blame, then it’s time for action. Re-start your machine in safe mode, which limits it to essential processes only. Then run a Disk Cleanup to remove all temporary files (Start > Control Panel > Administrative Tools > Disk Cleanup) and empty your recycle bin. Now you’re ready to unleash a trusted cybersecurity tool like Avira Free Antivirus, also available with Avira Free Security, which will do a deep scan of your computer for any signs of an infection and mop things up. 


Hopefully these steps will help you avert the truly nuclear option of reformatting your hard drive and reinstalling the operating system. Best of luck.  

Here’s how to help protect yourself from malware 

Prevention is better than the cure and there are many effective measures you can take to help prevent a malware infection in the first place! In addition to a reputable antivirus that offers real-time online protection against even the latest threats, make sure that all your software is up to date. Aging apps and operating systems may contain loopholes known to hackers. For greater security and stability, update your drivers too. To help banish outdated programs and easily download the right ones, choose a trusted aide like Avira Software Updater 

Technology can’t stop you putting yourself at risk so practice good online habits: Never click on suspicious links or download files from sources you don’t trust. Back up your computer regularly and use strong, unique passwords for all your internet accounts. A password manager can help securely store and manage a multitude of complex passwords so you can’t forget or lose them (and you may never receive a password reset email again!).  

Remember that no device or operating system is immune to malware and it’s essential to extend your online protection across your entire ecosystem of products. It’s easy to forget that a small gadget like a smartphone needs big protection too. Phones today don’t just make calls—they download files and emails, connect to networks, and contain a treasure trove of personal information, from browsing histories to passwords and photos. It’s no wonder that cybercriminals love them too.   

That’s why Avira Free Security blends Avira Free Antivirus with a Software Updater, Password Manager, and more, for the multi-pronged security and privacy we all need for greater peace of mind. Avira protection is available for all major operating systems, so there’s no excuse to leave a device out in the cold—and it comes with free VPN.  

This post is also available in: GermanFrenchSpanishItalian

Freelance Cybersecurity Writer
Nicola Massier-Dhillon is an experienced cybersecurity and technology writer. Nicola spent many years as a senior copywriter and creative lead in marketing agencies, crafting compelling content and campaigns for major tech brands like HP, Dell, and Microsoft. She originally hales from Namibia and is a passionate advocate for the conservation of wild habitats--also putting her words to work for charities, eco-tourism, and healthcare. Nicola spends her time looking after her (wild) twins, rescue cats, and a crested gecko called Giles.
Avira logo

The internet is teeming with malware. Help shield yourself: Avira Free Security

Avira logo

The internet is teeming with malware. Help shield yourself: Avira Free Security for Mac

Avira logo

Your phone is precious to you and to hackers! Get Avira Mobile Security for iOS.

Avira logo

Your phone is precious to you and to hackers! Get Avira Antivirus Security for Android.