Malware terms
50 terms
Malware
Any software intentionally designed to disrupt, damage, or gain unauthorized access to computers, networks, or data.
Computer Virus
Malicious code that inserts copies of itself into other programs or files and executes when the host is run.
Computer Worm
Self-replicating malware that propagates across networks autonomously, without requiring a host file or user interaction.
Trojan Horse
Malware that disguises itself as a legitimate program to trick users into running it, delivering a hidden malicious payload.
Ransomware
Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
Wiper Malware
Destructive malware whose primary goal is to irreversibly erase or corrupt data, firmware, or boot records, rather than financial gain.
Spyware
Malware that secretly collects information about a user, device, or organization and sends it to an external party.
Adware
Software that automatically displays, injects, or redirects to advertisements, often bundled with free software and frequently tracking user behavior.
Rootkit
Stealth malware that grants and hides privileged access to an operating system or device, evading detection by standard tools.
Bootkit
Malware that infects the boot process — MBR, VBR, or UEFI — to load before the operating system and obtain persistent, privileged control.
Keylogger
Software or hardware that records the keystrokes a user types, used to steal passwords, financial data, or messages.
Screen Scraper
Malware or surveillance code that captures images of a victim's screen or extracts text from it to harvest data displayed on-screen.
Backdoor
A covert mechanism that bypasses normal authentication or access controls to give an attacker future entry to a system.
Logic Bomb
Malicious code that lies dormant inside a program and activates its payload only when a specific logical condition is met.
Time Bomb
A type of logic bomb whose triggering condition is a specific date, time, or elapsed interval rather than another logical event.
Fork Bomb
A denial-of-service technique in which a process repeatedly forks itself, exhausting process tables, memory, and CPU on the host.
Fileless Malware
Malware that runs primarily in memory and leverages trusted system tools, avoiding the use of traditional executable files on disk.
Polymorphic Malware
Malware that changes its on-disk appearance — typically via re-encryption or packing — for each infection, while keeping its core logic intact.
Metamorphic Malware
Malware that fully rewrites its own code on each propagation, producing semantically equivalent but structurally different binaries.
Stealth Malware
Malware specifically engineered to evade detection by users, security tools, and forensic investigators through hiding, mimicry, and anti-analysis tricks.
Dropper
Malware whose role is to install ("drop") another malicious payload onto a target system, often after evading initial detection.
Loader
Malware that prepares the environment and loads further payloads — often directly into memory — for a subsequent stage of an attack.
Downloader
Lightweight malware whose main function is to retrieve and execute additional malicious payloads from a remote server.
Botnet
A network of internet-connected devices infected with malware and remotely controlled by an attacker to perform coordinated activities.
Command and Control (C2)
The infrastructure and channels attackers use to maintain communication with compromised systems and send them instructions.
Zombie Computer
An internet-connected device secretly compromised by malware so an attacker can remotely command it, typically as part of a botnet.
Cryptojacking
The unauthorized use of someone else's computing resources to mine cryptocurrency, typically via malware or malicious browser scripts.
Cryptominer
Software that performs cryptocurrency mining; malicious variants run without consent and divert host resources to attacker-controlled wallets.
Banking Trojan
Malware designed to steal online-banking credentials and authorize fraudulent transactions, typically through web injects, form grabbing, or overlays.
Remote Access Trojan (RAT)
Malware that gives an attacker covert, interactive control of an infected device, similar to a hidden remote-administration tool.
Info Stealer
Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.
Credential Stealer
Malware focused specifically on extracting passwords, hashes, and authentication tokens from an infected system or its memory.
Mobile Malware
Malicious software that targets smartphones and tablets to steal data, intercept communications, mine cryptocurrency, or perform financial fraud.
Firmware Malware
Malicious code that lives in device firmware — BIOS/UEFI, network cards, drives, or peripherals — surviving OS reinstalls and most endpoint defences.
BIOS Rootkit
A rootkit that infects legacy BIOS firmware so it executes before the operating system, achieving deep persistence below the OS.
UEFI Rootkit
A rootkit implanted in UEFI firmware that loads before the OS, persists across disk wipes, and bypasses most endpoint security.
Ransomware-as-a-Service (RaaS)
A criminal business model in which ransomware operators rent their malware and infrastructure to affiliates who carry out attacks and share the proceeds.
Doxware
Malware that threatens to publish stolen sensitive data unless a ransom is paid, combining extortion with data-leak blackmail.
Scareware
Malicious software or web content that uses fake alarming messages to scare victims into installing junk software, paying for fake services, or calling fraudsters.
Rogue Security Software
Fake antivirus or system-cleaning software that pretends to find threats and demands payment to fix them, while often installing real malware itself.
Macro Virus
A virus written in the macro language of an office application that runs when an infected document is opened and macros are enabled.
Boot Sector Virus
A virus that infects the boot sector or master boot record of a disk so it runs before the operating system loads.
Resident Virus
A virus that installs itself in memory so it can run continuously and infect files or processes long after its host program has exited.
Non-Resident Virus
A virus that does not stay in memory after execution; it searches for and infects target files only while the host program runs, then exits.
Browser Hijacker
Software that alters browser settings without user consent to redirect traffic, change the homepage and search engine, or inject unwanted ads.
Trackware
Software that monitors and reports on user activity — sites visited, apps used, keystrokes, or location — typically for advertising, analytics, or stalking.
Potentially Unwanted Program (PUP)
Software that is not strictly malicious but installs without clear consent, behaves intrusively, or degrades user experience — for example, bundled toolbars, adware, or aggressive optimizers.
Greyware
Software that sits in a grey area between legitimate and malicious — annoying, intrusive, or risky, but not clearly designed to harm the user.
Wabbit
A self-replicating program that stays on a single host and exhausts its resources by spawning endless copies of itself, without spreading over the network.
Payload
The part of an exploit, malware, or attack that actually performs the malicious action, such as encrypting files, opening a backdoor, or stealing data.