The meaning of malware is straightforward: malware is any software written with malicious intent — to damage, disrupt, steal from, or gain unauthorized access to a computer, network, or the data on it. The word is a contraction of "malicious software," and it is an umbrella term covering everything from ransomware to spyware to the poisoned package that slips into a software supply chain. What unites the category is intent, not technique.
That intent framing matters. A tool is not malware because of what it can do; a legitimate remote-administration tool and a remote-access trojan may use identical mechanisms. It is malware because it was deployed to harm or deceive without the owner's informed consent.
The main types of malware
Malware is usually classified by behavior. The common families:
- Viruses attach to a legitimate file or program and spread when that host is executed. The defining trait is that they need a host and human action to propagate.
- Worms self-replicate and spread across networks on their own, without needing a host file or user action — which is why they can move so fast.
- Trojans disguise themselves as something benign to trick a user into running them. A fake installer or a cracked app that carries a hidden payload is a trojan.
- Ransomware encrypts a victim's data and demands payment for the key. It has become one of the most financially damaging categories.
- Spyware covertly collects information — keystrokes, credentials, browsing — and sends it to an attacker.
- Adware forces unwanted advertising; often merely annoying, sometimes a vector for worse.
- Rootkits hide deep in a system to maintain persistent, stealthy access and evade detection.
- Cryptojackers hijack a machine's resources to mine cryptocurrency for the attacker.
These are not mutually exclusive. Modern malware is frequently modular — a trojan that drops a rootkit for persistence and then deploys ransomware, for example.
How malware spreads
Understanding delivery is half of defense. The recurring vectors:
Phishing and social engineering. Still the number-one entry point. A convincing email gets someone to open an attachment or click a link that runs the payload. The malware does not break in; a person lets it in.
Malicious or compromised downloads. Cracked software, fake updates, and trojanized installers deliver malware to users who think they are installing something legitimate.
Software supply chain. This is the vector that has grown most alarmingly. Instead of attacking a target directly, an attacker compromises a component the target trusts — a popular open-source package, a build tool, an update server. When the target pulls in the poisoned dependency, the malware arrives through the front door, signed and trusted. Typosquatted packages (a malicious expresss next to the real express) and hijacked maintainer accounts are common techniques here.
Exploiting vulnerabilities. Unpatched software gives worms and automated exploits a way in without any user action at all.
Removable media and lateral movement. USB drives and, once inside a network, movement from one compromised host to others.
Why the supply-chain vector changes the calculus
For anyone building software, the supply chain vector deserves special attention because it inverts the usual trust model. You deliberately pull thousands of lines of other people's code into your application every time you run a package install. If any one of those packages — or one of their transitive dependencies — is malicious, you have imported malware into your own build with your own tooling.
This is why dependency scanning has become a security control and not just a quality one. Knowing exactly what is in your dependency tree, watching for packages that suddenly change ownership or exhibit suspicious install-time behavior, and catching known-malicious packages before they build is now part of basic hygiene. An SCA tool such as Safeguard can flag a dependency associated with known malicious activity before it ships, though no single control replaces layered defense.
How malware is detected
Detection has evolved well past matching known file signatures. The layers that work together today:
- Signature-based detection catches known malware by matching hashes or byte patterns — fast and reliable for known threats, useless against novel ones.
- Heuristic and behavioral analysis watches what a program does. A process that starts encrypting files en masse or reaching out to a known command-and-control address is flagged on behavior, even if its file has never been seen before.
- Sandboxing runs a suspicious file in an isolated environment to observe its behavior safely before it touches a real system.
- Reputation and telemetry use the fact that a file has never been seen anywhere else as itself a suspicious signal.
For build pipelines specifically, scanning dependencies against threat intelligence and watching for anomalous package behavior extends these same principles to the supply chain.
FAQ
What does malware mean?
Malware — short for malicious software — is any program written with intent to harm, disrupt, steal from, or gain unauthorized access to a system or its data. It is an umbrella term covering viruses, worms, trojans, ransomware, spyware, and more.
What are the most common types of malware?
The main families are viruses, worms, trojans, ransomware, spyware, adware, rootkits, and cryptojackers. They are classified by behavior, and modern malware often combines several — for example a trojan that installs a rootkit and then deploys ransomware.
How does malware most commonly get in?
Phishing and social engineering remain the top vector, followed by malicious downloads, software supply chain compromises (poisoned dependencies), and exploitation of unpatched vulnerabilities. Most malware relies on a person or a trusted process letting it in.
Why is supply-chain malware a growing concern for developers?
Because building software pulls in large amounts of third-party code automatically. A single malicious or hijacked dependency imports malware through trusted tooling, which is why scanning dependencies against known-malicious data has become a standard security control.