Security Guide · Updated 2026-05-24
Malware Glossary for Beginners
Malware is a broad term for software or code designed to harm systems, steal information, interrupt operations, or give unauthorized access. This glossary explains common malware terms in simple English for everyday users and small businesses.
Malware
Malware means malicious software. It can affect confidentiality, integrity, or availability. In simple terms, it can steal data, change files, spy on users, interrupt work, or allow an attacker to control a system.
Virus
A virus is malware that attaches itself to another file or program. It usually needs the infected file to run before it can spread. Classic file infectors can modify executable files and move from one system to another through shared files, removable drives, or unsafe downloads.
Worm
A worm can spread by copying itself, often through email, USB drives, shared folders, or network weaknesses. Unlike a classic virus, a worm does not always need to attach to another program. Worm outbreaks can spread quickly when many devices share the same weakness.
Trojan
A Trojan disguises itself as something useful or harmless. It may look like a game, tool, installer, document, or update. Once executed, it can open a backdoor, steal data, install additional malware, or give remote access to an attacker.
Ransomware
Ransomware blocks access to files or systems and demands payment. Many modern ransomware incidents also include data theft. This means the victim may face two problems: encrypted files and the threat of public data exposure.
Adware
Adware displays unwanted advertisements, redirects browsers, or injects promotional content. Some adware is only annoying, but aggressive adware can expose users to phishing pages, fake updates, and unsafe downloads.
Spyware
Spyware collects information without clear permission. It may track browsing activity, capture screenshots, collect account information, or monitor user behavior. In business environments, spyware can create privacy and compliance problems.
Rootkit
A rootkit is designed to hide activity or maintain deep access. Rootkits may hide files, processes, drivers, or registry entries. They are difficult for normal users to identify because the goal is to stay invisible.
Keylogger
A keylogger records keystrokes. It may capture usernames, passwords, messages, or payment details. Some keyloggers are software-based, while others are hardware-based. Everyday users often see no visible signs that one is present.
Backdoor
A backdoor gives hidden access to a system. Attackers may use it to return later, run commands, upload tools, or move to other systems. Backdoors are dangerous because the device may appear normal while unauthorized access remains possible.
Botnet
A botnet is a group of infected devices controlled by an attacker. The infected devices may be used for spam, credential attacks, distributed denial-of-service attacks, proxy traffic, or other abuse.
Fileless malware
Fileless malware uses legitimate system tools or memory-based execution instead of dropping a normal malicious file. This can make detection harder. It often abuses tools that already exist in Windows, such as scripting or management components.
Downloader and dropper
A downloader is malware that retrieves additional malicious components from the internet. A dropper installs or unpacks another payload. The first file may look small, but the real damage happens after it brings in more tools.
Info stealer
An info stealer focuses on stealing data such as browser passwords, cookies, crypto wallet files, tokens, screenshots, system details, or saved credentials. Some stealers work quickly and leave before users notice anything.
Scareware
Scareware uses fear to make users install software, pay money, or call fake support. It often shows fake infection alerts, countdown timers, or urgent warnings.
Potentially unwanted application
A potentially unwanted application is not always classified as malware, but it may still create risk. It can change browser settings, install extra software, display unwanted ads, or reduce system performance.
Why definitions matter
Knowing the difference between malware types helps users respond correctly. Ransomware requires containment and backup recovery planning. Adware may require browser cleanup. Trojans may require account password resets. Info stealers may require urgent credential rotation and session revocation.