Malware attacks come in many forms, but they share a common goal: stealing or damaging your data. In recent years, both the volume and sophistication of these attacks have surged. Whether it’s classic threats like viruses, newer forms like infostealers, or large-scale operations like web-shell or supply-chain attacks, these threats target your computers, tablets, smart devices—and very often, your identity.
Malware can attack every kind of computer, tablet, and smart device you use. But with all the mystifying terms involved—spyware, ransomware, Trojan horses, and more—it can be tough to understand the threat, much less how to guard against it.
However, with malware attacks continuing to make headlines and showing no signs of slowing down, this is a threat that cannot be ignored.
Today’s cybercriminals are also using automation and artificial intelligence (AI) to launch more personalized and convincing malware attacks, making it even harder to spot them in time.
Cybercriminals will use malware seeking out details like credit card and bank account numbers, Social Security numbers, and website login credentials that they can then use to commit identity theft.
What is malware?
Short for “malicious software,” malware is often aimed at collecting sensitive information from individuals and organizations alike.
Malware is the term for applications or code designed to carry out malicious acts on computers, networks, or servers. Installed without a victim’s permission, malware may steal data, destroy files, or take over control of devices.
Cybercriminals distribute malware in a variety of ways. Often, they trick people into downloading infected attachments or clicking on nefarious websites. They may also sneak malware onto devices by exploiting vulnerabilities in software, such as outdated operating systems or insecure network protocols.
To protect against this, manufacturers build security measures into the operating systems of today’s devices. Web browsers and other programs feature their own safeguards as well.
But, cybercriminals continue to adapt, working out new ways to get around these defenses.
Defining malware: types and tactics
Each form of malware attacks in different ways, but they all have one thing in common: stealing or damaging data.
Here are some of the most common and emerging forms of malware you should know about:
Spyware installs itself on a device without your permission. It can keep tabs on your online activity and gather personal information. It may even alter your device's settings, like changing your default homepage to redirect you to malicious sites.
Adware works much like spyware but inundates your device with ads (often pop-ups), so cybercriminals can profit from your clicks.
Viruses spread among computers and networks, replicating themselves to infect files and programs. In the process, they record, damage, or delete data.
Worms are viruses that spread automatically through a network by finding and exploiting vulnerabilities in software. Unlike other viruses, they don’t need a human to hit “download” on an attachment or click on a bad web link.
Trojan horses masquerade as trustworthy files or apps. You might download a game or song from a file-sharing site and find that it functions just as you expected. In actuality, malicious software is downloaded along with it. Trojans may also show up as email attachments, like a Word file that looks like it came from a friend’s email address — but it definitely didn’t.
Ransomware encrypts files on a device so that the victim (often a large organization) cannot access their important or sensitive data until they pay a large sum. Ransomware may breach a system when a user is tricked into clicking an email link. Bad actors also steal employee credentials and use them to gain entry.
Evil JavaScript refers to malicious code embedded in websites or ads. When you visit a compromised page, the script can silently run in the background, stealing data, redirecting traffic, or installing other malware—often without any clicks or downloads.
Web shells are scripts that attackers upload to vulnerable web servers. Once installed, they allow remote access and control, enabling cybercriminals to steal data, manipulate content, or launch further attacks. These are often used in targeted breaches of websites and web applications.
Supply chain attacks target trusted software updates or third-party tools. Malware is embedded in legitimate packages or extensions, allowing attackers to compromise multiple organizations through a single weak link.
Fileless malware operates directly in memory rather than as a file, making it difficult for antivirus programs to detect or remove.
Phishing is commonly used to spread malware
Criminals often send phishing emails—or even text messages—that look very similar to the ones you get from organizations you do business with, such as banks and utility companies. These messages often include links or attachments that install malware. Rather than clicking them, type web addresses directly into your browser or contact the company through official channels.
How to protect yourself from malware
The devices and web browsers you use every day may not offer adequate security. Here’s how to shore up your defenses against malware:
Install reputable anti-virus protection. Anti-virus protection scans any files or links that you try to open and, if it recognizes a malicious file or website, will notify you and guide you in removing it. You're in luck if you're an Allstate Identity Protection member: Some of our identity protection plans offer cybersecurity tools that include advanced malware and anti-virus protection.
Use a firewall. Many operating systems on computers and smart devices include a firewall; make sure it is turned on in the device’s settings. Some anti-virus programs, like ours, include this as well.
Keep all software up to date. Consider setting your operating system, internet browser, and computer programs to update automatically. Companies offer “patches” to not only improve performance but also offer up-to-date security features.
Maintain your browser’s security settings, as they’re designed to protect against malware. If your browser presents a warning about the web page you’re about to visit or the file you’re trying to download, always take heed.
Download software from trusted sources only. There’s a good chance that free browsers, PDF readers, or other software found online could be infected with malware.
When adding new software to a device, carefully read each screen. If you see a program you weren’t expecting or are asked to install bundled software, refrain from downloading the extra program or quit the installation process.
Back up your important files regularly, especially to offline or cloud-based storage. This can help you recover quickly if your device is hit with ransomware.
Staying alert to unusual activity on your accounts or identity. Many forms of malware are designed to steal personal information, so ongoing monitoring can make a big difference.
Signs your device may be infected with malware
Malware isn’t always easy to recognize but stay alert to any changes in your device’s behavior.
Your computer, smartphone, or tablet might have malware if you notice any of the following symptoms:
Loads of ads, often in pop-up form, that are disruptive to your page viewing
Repeated error messages
Changes in performance, such as slowed speed, crashes, or failure to shut down
Shortened battery life
New toolbars or icons on your desktop or in your web browser
A new default search engine or unfamiliar websites that open automatically
Emails sent from your account that you didn’t write
If you notice multiple symptoms at once, disconnect from Wi-Fi immediately to help limit further spread or data loss.
How to get rid of malware
If you believe you have malware on your device, the first step is stopping any activity that involves your personal information: Don’t use online shopping sites, access your bank or credit card accounts, or pay bills until you know your device is safe.
Take action by installing a trusted anti-virus program or activating cybersecurity tools if you’re an Allstate Identity Protection member with a cyber plan. Some malware can pose as security software, so be sure to do your homework when selecting a service.
Direct the anti-virus program to run a scan. If it finds any malicious programs or codes, it will detail them and tell you how to remove them. After following the instructions, run another scan.
Hopefully, the program will now show that your device is free of malware. However, if problems are still detected, you may need to recover or reinstall your operating system—a process that can lead to full or partial data loss. Your device manufacturer’s website will share instructions on doing so.
Once your system is clean, change your passwords, enable multi-factor authentication, and review your financial and email accounts for unusual activity.
Malware doesn’t always lead to identity theft, but if you’re a member of Allstate Identity Protection, you can rest a little easier knowing that you’re benefiting from extra layers of protection.
