Resource Hub

Malware

Learn about malware, how it works, families and variants, and strategies to protect your organization from advanced threats.


Malware fundamentals

Understanding malware

Malware remains an enduring threat worldwide, constantly evolving as cybercriminals exploit new vulnerabilities. As AI-assisted attacks and malware-as-a-service lower attackers' barriers to entry, our connected digital world offers countless opportunities for profit through data theft, fraud, and ransom demands.


Zpedia

Malware: A Serious and Growing Threat

Protecting against malware attacks is not a recommendation, but a survival imperative across all verticals. As cloud adoption grows and remote, mobile, BYOD, and AI trends continue, new vulnerabilities and wider attack surfaces put data and users at greater risk than ever.

Report

Encryption Protects, Encryption Deceives

Encrypting your data can stop thieves from exploiting it. But by that same token, attackers can hide malware in encrypted traffic to bypass traditional defenses. In fact, malware represents 86.5% of threats in encrypted traffic.

Types of Malware

Explore the different types of malware

Threat actors use malware to steal or encrypt data, commit fraud, commandeer systems, or gain unauthorized access—usually looking to disrupt operations, turn a profit, or both. New types and variants of malware appear every day as attackers develop new strategies. Let's look at some of the most common types.


Zpedia

What Is Ransomware?

Ransomware encrypts and/or steals data and holds it for ransom, denying victims access to their data unless the victims pay by a deadline—after which the data may be permanently lost or leaked.

Zpedia

What Is Botnet Malware?

Botnet malware turns infected devices into “bots.” Using a central command-and-control (C2) server, hackers can issue instructions to bots, using them to coordinate DDoS attacks, cryptomining, and more.

Zpedia

What Is Cryptojacking Malware?

Cryptojacking malware hijacks the processing power of infected devices (laptops, desktop computers, smartphones, etc.) to fuel cryptocurrency mining. Most victims never know their system is infected.

Other types of malware

  • Adware delivers unwanted ads to infected devices. It may track browsing habits, show pop-ups, hinder device performance, and steal data for profit.
  • Trojan horse malware disguises itself as legitimate software. Once installed, it can steal data, grant hackers backdoor access, or install other malware.
  • Spyware secretly monitors activity, stealing sensitive data like passwords or financial data. It can track keystrokes, log habits, and compromise privacy.
  • Viruses infect systems by attaching to files or programs. When executed, they spread, corrupt files, steal data, and disrupt operations or functionality.
  • Worms are self-replicating malware that spreads across networks. Unlike viruses, they don’t need hosts, making them ideal for large-scale infections.

Examples

Specific real-world examples

  • HijackLoader expands on common “loader” capabilities with modules that enable it to evade security software, inject and execute malicious code, and much more.
  • DeepSeek Lure shows how generative AI tools open many new avenues to cybercriminals, such as easy creation of look-alike domains to lure users to malicious webpages.
  • NodeLoader is a family of malware that threat actors can use to deliver second-stage malware payloads, including cryptocurrency miners and information stealers.
  • Xloader steals data from web browsers, email clients, File Transfer Protocol (FTP) apps, and more, and can be leveraged to download and execute second-stage payloads.
  • RevC2 steals cookies and passwords, proxies traffic, and enables remote code execution.
  • Venom Loader employs advanced obfuscation and encryption to evade detection.
  • Anatsa (TeaBot) is an Android banking malware that uses a benign-looking “dropper” app to deceive users into unwittingly installing malicious payloads.
  • Black hat SEO techniques can be used to elevate a malicious website in Google search results, increasing the chances of a user visiting the site and downloading malware.
  • CoffeeLoader uses numerous techniques to bypass security solutions, including a special packer that utilizes the GPU, call stack spoofing, sleep obfuscation, and more.

Prevention & Detection

How to prevent and detect malware

To effectively reduce risks associated with malware and ransomware, you need to understand the threats you’re up against.

Blog post

Mitigating the Rising Tide of Malware and Ransomware Attacks

Know your enemy, know yourself. Stay up to speed on emerging malware and ransomware variants, trending attack vectors and tactics, and the latest effective defense strategies.

Products & Solutions

Transform Your Architecture from Firewalls to Zero Trust

As cyberthreats grow in volume and sophistication, firewalls are coming up short. Only a zero trust proxy architecture can inspect 100% of TLS/SSL traffic at scale to stop hidden malware.

Products & Solutions

Predict Breaches with Preemptive Detection and Response

Breach Predictor uses attack graphs, user risk scoring, and threat intel to predict potential breaches, offer real-time policy guidance, and enable teams to take proactive action.

Blog post

Prevent Compromise of Private Applications with ZPA Threat Inspection

ZPA Threat Inspection offers Malware Protection, which can inspect file uploads and downloads for malware in a variety of protocols and take action per violation.

Blog post

Securing Public Sector Against IoT Malware

Many IoT devices are inherently insecure, introducing new vulnerabilities and attack vectors. How can the public sector stay resilient without slowing down innovation?

Response & Solutions

Malware incident response and solutions

Amid new threats and attack vectors, security is evolving past firewalls and perimeter-based approaches. Advanced threat protection (ATP) combines cloud security, email security, endpoint security, and more to strengthen defenses against modern threats.


Products & Solutions

Stop Sophisticated Attacks with Advanced Threat Protection

To protect users, workloads, apps, and IoT/OT, you need intelligent, cloud-native threat detection and response that lets you stop threats inline, inspect TLS/SSL traffic at scale, and quarantine unknown threats.

Products & Solutions

Stop Unknown Attacks in Seconds with Cloud Sandbox

Block threats before they reach your endpoints with real-time analysis and instant verdicts. Leverage unlimited, latency-free inline inspection, even for encrypted files.

Products & Solutions

Stop Hidden Attacks with Complete DNS Security

Make DNS work for you—not for bad actors. Uncover and stop hidden threats that exploit DNS to deliver malware, steal data, and disrupt operations.
