Malware is any software written to harm you, spy on you, or take control of your device without permission. The word is short for malicious software, and it is the umbrella term for viruses, worms, trojans, ransomware, spyware, and every other program built to do damage. If a piece of code does something to you rather than for you, it is malware.
The labels matter less than people assume. A virus, a worm, and a trojan are mostly different delivery methods for the same goal: someone wants access to your files, your accounts, or your money, and they wrote a program to get it. Once you understand the handful of categories that actually matter, the whole subject becomes far less intimidating.
This guide covers the major types in plain English, how infections really happen, the warning signs worth taking seriously, and the exact steps to take if you think a device is already infected.
Viruses, worms, and trojans: the classic three
People often call every infection a virus, but a virus is a specific thing: a program that attaches itself to a legitimate file and spreads when that file is opened or shared. It needs a host, and it needs you to act, which is why true viruses are less common than they once were.
A worm does not wait for you. It spreads on its own from device to device across a network, exploiting security holes as it travels. Worms are the reason a single infected laptop can take down an entire office.
A trojan is the one you are most likely to meet. It disguises itself as something you want: a free game, a PDF converter, a cracked copy of paid software, a fake update. You install it willingly because it looks legitimate, and it quietly opens a back door for whoever built it. Most modern malware arrives this way, because tricking a person is easier than beating a machine.
The malware built to make money off you
Nearly all malware today is a business. These are the categories that pay the bills for criminals, and they are the ones worth knowing on sight.
- Ransomware encrypts your files, or your entire device, and demands payment for the key. It is devastating precisely because it targets the things you cannot replace: photos, documents, business records.
- Spyware watches you quietly. Keyloggers record what you type, including passwords. Stalkerware, a nastier cousin, is installed by someone who knows you personally to track your location and messages.
- Infostealers grab saved passwords, browser cookies, and payment details in one fast sweep, then send everything to the attacker. They are a major source of hijacked accounts.
- Adware floods your device with ads and redirects your browser. It is the least dangerous category, but it often travels with worse company.
- Cryptominers hijack your processor to generate cryptocurrency for someone else. Your device runs hot and slow while a stranger collects the profit.
- Botnet malware silently enrolls your device in a network of infected machines that criminals rent out for spam and attacks. You may never notice anything beyond a sluggish connection.
A rootkit deserves a mention too. It is not a goal in itself but a hiding technique: it buries other malware deep in the operating system, where scans have trouble finding it.
How malware actually gets onto a device
Infections do not appear out of nowhere. Almost every one starts with a few well-worn routes:
- Phishing emails and texts. An attachment that claims to be an invoice, or a link to a fake login page. This is the front door for most infections.
- Fake and bundled downloads. Pirated software, free versions of paid apps, and download buttons on shady sites are classic trojan delivery. So are installers that sneak in unwanted extras.
- Malicious ads. Compromised ad networks can push fake virus warnings and bogus update prompts even on legitimate sites. A content blocker cuts off much of this route, and you can see what your browser currently filters with our ad blocker test.
- Fake browser and app updates. A pop-up telling you your video player is out of date is almost never telling the truth. Real updates come through the software itself or your operating system.
- Unpatched security holes. Worms and drive-by downloads exploit known flaws in software that has not been updated. This is why updates matter more than any other single habit.
- USB drives and shared files. Less common now, but an unknown flash drive is still a risk not worth taking.
Warning signs a device is infected
No single symptom proves anything, but several of these together are a strong hint:
- The device is suddenly much slower, runs hot, or the fan spins constantly while idle.
- Pop-ups appear outside the browser, or your homepage and search engine change on their own.
- New toolbars, extensions, or programs show up that you never installed.
- Friends receive spam or strange links sent from your accounts.
- Your security software is turned off and will not stay on.
- You are locked out of your files, or a message on screen demands payment.
On phones, watch for rapid battery drain, data usage you cannot explain, and apps you do not remember installing.
What about iPhones and Android phones?
Phones are safer than laptops by design, because every app runs in its own sealed sandbox. They are not immune, though, and the risks differ by platform.
On iPhone, true malware is rare unless the phone is jailbroken. The realistic threats are scam apps, phishing, and malicious configuration profiles. Open Settings, then General, then VPN & Device Management, and remove any profile you do not recognize. Keep iOS current in Settings, then General, then Software Update.
On Android, the main risk is installing apps from outside the official store, a practice called sideloading. Stick to the app store on your phone, leave the built-in app scanning turned on, and be suspicious of any app that demands accessibility permissions without a clear reason.
How to remove malware, step by step
If you suspect an infection, work through this list in order. Whatever you do, do not download a cleaner tool advertised in a pop-up, since those are frequently malware themselves.
- Disconnect from the internet. Turn off Wi-Fi or unplug the network cable. This stops data theft and keeps the infection from spreading.
- Run a full scan. On Windows, open the Windows Security app, choose Virus & threat protection, then Scan options, then Full scan. If something stubborn turns up, run the offline scan from the same menu, which restarts the machine and checks it before Windows fully loads.
- Uninstall what you do not recognize. On Windows, go to Settings, then Apps, then Installed apps, and sort by install date. On a Mac, check the Applications folder, remove anything unfamiliar, and empty the Trash.
- Clean the browser. Remove extensions you did not add, then reset your homepage and default search engine.
- Change your passwords from a clean device. Assume anything typed or saved on the infected machine is exposed. Start with email and banking. Our email breach checker can also show whether your address already appears in known data leaks.
- Restore or reset if needed. For ransomware, restoring files from a backup beats paying, since payment funds the operation and does not guarantee recovery. If an infection keeps returning, a factory reset or a clean reinstall of the operating system is the reliable fix.
Habits that prevent most infections
Prevention is mostly boring, which is good news. A few standing habits block the vast majority of attacks:
- Turn on automatic updates for your operating system, browser, and apps, and restart when asked.
- Download software only from official app stores and the developer's real website.
- Treat unexpected attachments and links as hostile until proven otherwise, even from people you know, since their account may be compromised.
- Leave built-in protection on. The Windows Security app and the equivalent protections on a Mac run quietly and catch most threats. Add a reputable antivirus if you want a second layer.
- Keep unique passwords in a password manager such as Bitwarden or 1Password, so one stolen password cannot open every account you have.
- Back up your files automatically to an external drive or cloud storage. A current backup turns ransomware from a disaster into an inconvenience.
Where to start tonight
You do not need to do everything at once. These five steps take under an hour and cover the bulk of the risk:
- Run a full scan with your built-in security software and let it finish.
- Install every pending update on your computer and phone, then restart.
- Open your browser's extensions page and remove anything you do not use or recognize.
- Turn on automatic backups for the files you would genuinely miss.
- Confirm your email and bank accounts each have a unique password and two-factor authentication.
Malware thrives on outdated software and rushed clicks. Slow down at the moments that matter, keep things patched, and the odds shift heavily in your favor.