See why 9,000+ companies trust Darktrace
Thanks, your request has been received
A member of our team will be in touch with you shortly.
¡Ups! Algo salió mal al enviar el formulario.

Malware definition

Malware is a malicious software designed by a cyber criminal attempting to infiltrate a device and disrupt, steal, or exploit sensitive information. There are many types of malware and each involve a different method of exploitation. However, in most cases the cyber criminal wants to gain access to information that could harm the user to either financially benefit themselves through the form of a ransom or identity theft.

A person sitting in front of a laptop running code while using their cell phone.

How does malware work?

Malware works by exploiting vulnerabilities in computer systems or software to gain unauthorized access and perform malicious actions. Once a system is infected with malware, it can spread to other systems and networks, making it difficult to detect and remove. Usually, threat actors are attempting to steal sensitive information, install ransomware, or send spam.

Malware can be installed into your systems in several ways including:

Types of malware

Malware is a malicious software designed by a cyber criminal attempting to infiltrate a device and disrupt, steal, or exploit sensitive information. There are many types of malware and each involve a different method of exploitation. However, in most cases the cyber criminal wants to gain access to information that could harm the user to either financially benefit themselves through the form of a ransom or identity theft.

Malware can take many forms, including viruses, worms, Trojans, ransomware, spyware, adware, and more. These programs can be designed to steal sensitive information, damage/destroy files, or even take control of the infected system. Malware is typically spread through email attachments, software downloads, and infected websites, among other methods.


These are programs that can self-replicate and infect other files on a computer or network. Because viruses can spread, it is vital that security teams contain a virus once it is within a system. If not contained, a virus can cause serious damage throughout a system.


A trojan malware can be installed into a system by tricking an individual into downloading a malicious software. The software appears to be legitimate but contain malicious code that can harm or exploit a system. Once a Trojan horse is installed, it can perform a variety of malicious actions, such as stealing sensitive data, logging keystrokes, or giving remote access to the attacker. Trojan horses can be spread through infected email attachments, software downloads, or malicious websites. 


This is a type of malware that encrypts valuable files on a victim’s device, denying access, and demanding money in exchange for access to the files. Ransomware has been increasingly difficult to deal with, especially with most ransom payments being made in crypto currency which is untraceable.


A software that will display unwanted advertisements or pop-ups on a computer or device. The adware will typically overwhelm a system's memory usage with advertisements, causing your device to slow down or even crash.


This is software that is installed on a device without the knowledge of the user. Operating in a covert manner, the spyware allows an attacker to monitor a user's activity and collect sensitive information, such as login credentials or financial data.


Short for “robot network” a botnet is a malware that infects a network of computers or multiple devices. All these devices are under control of an attacker or attacking party making it difficult to pinpoint the originally compromised device. When a system or computer is compromised it becomes a “bot” and is controlled by the “bot-herder” or “bot-master.”


Short for “malicious advertising” is used to distribute malware through the use of online advertising. The malicious code is embedded into ads that will infect a device upon clicking it.

How to prevent malware?

To prevent malware, you should use antivirus software, keep your operating system and software up to date, avoid clicking on suspicious links or downloading files from untrusted sources, and use strong passwords and multi-factor authentication. 

Malware can enter your systems in various ways. However, Email is the main attack vector for businesses and organizations because of the frequency and quantity of communication that is hosted on email platforms. Security professionals can take several advanced measures to better protect against malware in end user’s inboxes including:

How to check for malware on iPhone?

A top indicator of malware is an unintentionally jailbroken iPhone. For more covert cases, check for anything unfamiliar that you wouldn’t normally have on your iPhone: apps, strange messages, or random events in your calendar. Other ways to check for malware is to be observant about power and data usage. Unusually high usage of both data and energy is a sign of malware.

The App Store contains antivirus applications that allow you to reset your iPhone and remove any malicious materials.

Be careful of trojans posing as AVs on the App Store, ensure your security is from a reputable and verified source.

How to check for malware on a Mac?

You can check for malware on a Mac desktop or laptop by using an antivirus software or running a malware scan using the built-in protection feature that comes with macOS or you can manually delete malicious files or reset your Mac to its original factory settings.

You also want to update your software to the latest macOS software. Updated software usually includes patches that improve your security posture, making it very important to keep your Mac up to date.

For more information on Apple’s response to malware visit here.

How to detect and stop malware attacks

If malware is downloaded onto your device you should:

  1. Disconnect from the internet and restart your device. 
  2. You should also scan and remove any malicious programs with a virus scanner. 
  3. Check to see if you have any anti-malware or other security solutions on your device. If not, download it.
  4. Make sure all software and applications are up to date.
  5. Contact the manufacturer of your device for additional tech support.

Manually deleting suspicious files and restoring your device to its previous state is also possible but is not a foolproof process.

Malware is a serious security risk and can have devastating consequences to organizations that fall victim to an attack. Darktrace provides cyber security that defends against never before seen malware strains and can help security teams prevent, detect, respond to, and heal from a malware infection.

PREVENT allows the security team to identify, prioritize, and test vulnerabilities, reducing risk and hardening defenses both inside the organization and outside on the attack surface – continuously and autonomously. 

DETECT delivers instant visibility into the most advanced threats like novel malware strains by understanding what’s normal in your organization, to identify what’s not.

RESPOND delivers autonomous, always-on action to contain and disarm attacks within seconds. When a threat like malware is detected, RESPOND leverages Darktrace’s understanding of “self”, to pinpoint signs of an emerging attack, stopping malicious activity, while allowing normal business to continue. 

HEAL enables organizations to restore assets and systems affected by cyber-attacks to trusted operational states through AI assistance and automates remediation and recovery planning, decisions, actions, and communications.

Malware Example: Raccoon Stealer

Raccoon Stealer is a MaaS (Malware-as-a-Service) that was first publicized in 2019. It grants its customers, which it calls “affiliates,” access to info-stealer software, which is an easy-to-use automated backend panel hosting C2 infrastructure, with 24/7 customer support. Raccoon Stealer’s end goal is to access sensitive data saved in targets’ browsers and crypto-currency wallets, such as cookies, saved login details, saved credit card details, and crypto-currency keys and seed phrases. Losing this information to a cyber-criminal can have detrimental effects to an organization or individual, including account takeovers, financial losses, and greater compromises.  

In March 2022, Racoon Stealer’s operators announced the end of the project. A few months later, Racoon stealer v2 was unleashed, continuing the same means and ends as Raccoon Stealer v1.

Raccoon Stealer communicates with a remote server controlled by the attackers, sending the stolen data for storage or sale on the dark web. The malware is designed to avoid detection by security software by using anti-debugging and anti-virtualization techniques.

Darktrace has consistently picked up on several instances of Raccoon. In particular, in the below examples the affected device’s downloads of library files from the C2 server caused an alarm in the system and a quick response by Darktrace’s 24/7 SOC team.

Learn more about the Raccoon Stealer v1

Learn more about the Raccoon Stealer v2

Malware Example: Laplas Clipper

Laplas Clipper is a MaaS (Malware-as-a-Service) offering a variant of info-stealing malware that targets crypto-currency platforms. This malware has the capability to hijack in-progress transactions of certain crypto-currencies and send the funds to the attacker’s crypto-wallet instead.

In late 2022, Darktrace observed several threat actors employing a novel attack method to target crypto-currency users across its customer base, specifically with the latest version of Laplas Clipper. Darktrace was able to uncover and mitigate the activity and intervene to prevent the theft of large sums of digital currency.

Learn more about the Laplas Clipper

Related glossary terms

Esto es un texto dentro de un bloque div.