The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
Malware - What Is It and How To Avoid It
Malware – which is short for Malicious Software – is a catch-all term for apps or software intentionally designed to damage or contaminate an electronic device. It may steal sensitive and confidential information stored on your device or install harmful software to spy on your online activities and possibly even hold your device hostage. Malware can infect all types of electronic devices, including cell phones, personal computers, tablets, smart televisions, and even gaming systems.
Malware typically spreads by duplicating itself. It hides within the device’s data files, and the device must run that file for the malware to do its dirty work. Malware may remain dormant until the infected file is accessed, which then causes the malware to execute and do damage. Once activated, malware may spread to other files and programs across your device.
How is malware delivered?
The most common ways people are exposed to malware risks are through email, web sites, phone calls, and software or app downloads.
- Email: Sending out malware through email is simple and effective for a cybercriminal. Emails may appear to come from trusted sources such as the user’s bank or credit card company, or even a contact within the user’s list. The email will feature an appealing link or attachment that, if clicked on, will direct the user toward a seemingly legitimate version of a trusted website, convincing the user to change a password and send login information to the cybercriminal. The link or attachment is typically a virus that immediately begins collecting data once it is opened.
- Websites: A cybercriminal may design pop-up ads that warn users they have a virus to entice the user into clicking “OK” to clean their system. Clicking OK installs the virus on the host system. Even going to an unsecure website provides an opportunity for a virus to be downloaded.
- Phone: Users may receive a call from a cybercriminal claiming to be tech support, stating a virus has been detected on one or more electronic device, and requesting permission to access that device remotely. The cybercriminal will then download a virus, hijack the device, and steal personal and confidential information.
- Apps: A cybercriminal may insert malicious code in a popular app, and then advertise it as a free app for downloading. Once the user downloads the app, the malware infects the device.
Cybercriminals can do this from the comfort of home and be located anywhere in the world. They do not need direct contact with you to be successful. Cybercriminals can definitely trick users into infecting their own devices. But malware attacks will not work without the most important ingredient: YOU!
This is why it is so important to know what malware is, how to detect it, and how to deal with it.
The many forms of malware
- Viruses: A virus is malware that attaches to another program or app and, when triggered, replicates itself by modifying other computer programs and infecting them with its own code. This may cause a device to crash and allow cybercriminals to steal or destroy data. At the very least, it can create performance issues that hinder effective use of the device.
- Computer worm: A worm is similar to a virus, but it does not require user interaction to trigger.
- Trojan horse: A trojan horse is popular malware that can harm a digital device and its data by crashing the device, deleting files, and stealing confidential information.
- Ransomware: Ransomware is malware that will lock a device and deny access to its files and data. Cybercriminals then seek payment to unlock the device. If the device is infected with Ransomware, the FBI urges users to report these infections to the Federal Internet Crime Center.
- Spyware: Spyware often appear as pop-up advertisements to deceive users and share their information with third-party entities.
- Adware: Adware is advertising-supported software that generates ads automatically for creating revenue. Adware typically is bundled with software installed and then identifies the websites visited to present select advertisements to the viewer.
- Scareware: Scareware is a malicious computer program designed to trick the user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.
Detecting malware on a device
Users may experience a variety of symptoms that indicate the presence of malware on their device. Some system behaviors that raise red-flags are obvious, such as reduced performance, frequent crashing or freezing, sluggish apps, internet connection issues, unexpected pop-up ads, changes to the browser’s home page, current antivirus software or app stop working, and excessive battery usage.
Less obvious behaviors that should be monitored are loss of disk space, an increase in the system’s internet activity, or the device turning on Wi-Fi and internet connections without user knowledge.
Sometimes there are no signs, but this does not mean one should be complacent, because no news is not always good news. Powerful malware can hide deep in a system, going about its dirty business without raising any red flags as it snags passwords, steals sensitive files, or even uses the device system to spread to other devices.
Proper response to malware infection once detected
If malware is believed to have taken up residence in a device, there are a few steps that should be taken.
- First, isolate the infected system or device. Disable the wireless connection and turn-off Bluetooth so other connected devices will not become infected.
- Next, install a trusted and legitimate anti-malware/anti-virus program and run a scan.
- Once the device is clean, it is important to change passwords, not only for devices but also for email and social media accounts, favorite shopping sites, and online banking and billing centers. Finally, REPORT IT. Several agencies want to know about malware attacks including the local FBI Office, the Federal Trade Commission (FTC), and the Internet Crime Center (IC3).
No protection is absolute, but a combination of personal awareness and well-designed protective tools will make your device as safe as it can be.
Avoiding malware before it happens
All devices are vulnerable to malware. Given the choice, who wouldn’t want to prevent a computer virus instead of dealing with the aftermath? So the most important question is: “How do I make sure my device remains malware free?”
The answer to that is twofold: (1) personal vigilance and (2) protective tools.
- Personal vigilance is the first layer of protection against malware, but simply being careful is not enough. Because online security is not perfect, even downloads from legitimate sites can sometimes have malware attached. This means even the most cautious user is at risk unless additional measures are taken.
- download apps from third-party sources. Most malicious software is found in third-party apps.
- open strange, unsolicited, and unverified emails, texts, or messages of unknown origin. These can all be disguised to look like they are from a well-known company, bank, or even a friend. For additional information about fraudulent emails, please see “Fraudulent Email Thieves Intend to Steal Your Personal Information.”
- open or click on hyperlinks or attachments in instant or text messages from unknown sources ... click on pop-up ads while browsing the internet.
- use public Wi-Fi connections if you can avoid it.
- download a trusted ad-blocker to enable the device’s browser to block advertisements and pop-ups.
- visit secure websites only, where the web address starts with https://. (The S indicates secure.)
- install applications from trusted sources, reviewing the vendor prior to downloading.
- install and regularly update trusted anti-virus or anti-malware software. The security software that comes built into a device covers the basics, but it cannot always stop new, advanced, or rapidly-evolving threats.
- set up account alerts for online banking to be notified when account updates occur.
- change system login ID and password frequently. Do the same for any personal accounts such bank or credit card online accounts.
- install a virtual private network (VPN). By running the internet connection through an encrypted channel, the VPN protects data even when it is in transit.be aware of current and popular scams that trick users into unknowingly downloading the virus.
- back up devices regularly. Backing up files keeps them in an offline location that is not connected to the internet. This will help protect users if they lose access to data due to malware.
- Protective tools are created to address malware and viruses and are designed to seek out and eliminate any malware on a device. Well-designed anti-virus programs will check any newly downloaded app to ensure it is malware-free, periodically scan the device to detect and defeat any malware that might have slipped through, and is regularly updated to recognize the latest threats. Current and expert reviews of the latest technology products and software can be found online.
More information about malware can be found on the Federal Trade Commission (FTC) website.
For more information about unsolicited email scams, please see Fraudulent Email Thieves Intend to Steal Your Personal Information.
For general information on specific scams, see the Attorney General’s list of current Consumer Alerts.
To report fraud or if you have a general consumer complaint, contact the Attorney General's Consumer Protection Team at:
P.O. Box 30213
Lansing, MI 48909
Toll free: 877-765-8388
Online complaint form