Skip to Content
Threats and Attacks

What is malware?

Malware (short for "malicious software") is any program or code created on purpose to damage, break into or take control of a computer, server, phone or network without the owner's permission. It is the umbrella term that covers viruses, ransomware, spyware, trojans and other families: each type behaves differently, but they all share the same intent, to cause harm or to give an attacker access they should not have.

Zamak TechnologiesUpdated on July 10, 2026

How a malware attack happens

Malware does not appear out of nowhere inside a company: it has to get in, install itself and act. The cycle usually has four stages, and understanding each one shows where the defense can break the attack.

1

Entry

The code arrives through an email attachment, a phishing link, a compromised website, a USB drive or a pirated program. The most common door is the person, not the machine.

2

Execution

Once opened, the malware runs on the device. Many disguise themselves as a legitimate file, and the newer variants run straight in memory, leaving no file on disk for the antivirus to find.

3

Installation and persistence

The code embeds itself in the system to survive reboots, turns off protections and often opens a door for the attacker to return whenever they want.

4

Action

The real payload runs: encrypting files for ransom, stealing passwords, spying, mining cryptocurrency or using the machine as part of an attack network against others.

Source: N-able Cyber Encyclopedia and the AV-TEST Institute.

How malware gets into your company

  • Attachments and links in phishing emails, the single most common vector
  • Compromised websites that install the code just by loading the page (drive-by download)
  • Pirated programs, browser extensions and apps from untrusted sources
  • Infected USB drives and removable devices
  • Stolen credentials that let an attacker log in and install the malware from the inside
  • Unpatched software flaws, exploited before the fix is applied

The main types of malware

  • Virus Attaches to a legitimate file and spreads when that file is opened or shared.
  • Ransomware Encrypts files or locks the system and demands a ransom to restore access.
  • Spyware Runs hidden to monitor activity and capture passwords, data and banking details.
  • Trojan horse Poses as a useful program and, once installed, opens a back door for the attacker.
  • Worm Spreads on its own from machine to machine across the network, with no one needing to open anything.
  • Adware Floods the machine with intrusive ads and, in its malicious form, opens the door to other threats.
  • Keylogger Records every keystroke to steal passwords and card numbers.
  • Fileless malware Runs only in memory, abusing the system's own tools, to slip past traditional antivirus.

Why malware is a constant threat to your company

450K
new malicious programs registered per day by an independent testing institute (AV-TEST)
1.56B
malware samples already catalogued in that institute's database as of 2025 (AV-TEST)
79%
of detections in 2024 involved no file on disk, a sign of the shift toward fileless malware (CrowdStrike Global Threat Report 2025)

Malware is the raw material of most attacks, and the scale is industrial: a single independent testing institute registers more than 450,000 new malicious programs a day, and its database has already passed 1.56 billion catalogued samples. The bigger shift is in tactics. Much of today's intrusion no longer uses a classic malicious file: in 2024, four out of five detections involved no file on disk at all, but code running in memory and the abuse of stolen credentials. That breaks traditional antivirus, which compares files against a list of known threats: whatever has never been seen, or is not a file, walks right through. This is why defense moved from the signature to the behavior, with endpoint detection and response (EDR) watching what each program does in real time, not just what it is.

How to protect the company against malware

No single measure covers every malware family. Protection is built in layers, in the order that reduces risk the most:

  1. Advanced endpoint defense (EDR)Replace traditional antivirus with a defense that detects by behavior, able to recognize the never-before-seen attack and the malware that runs only in memory.
  2. Constant software updatesMost malware gets in through a flaw that is already known and unpatched. Keeping systems and apps updated closes that door.
  3. A second identity checkWith a second factor beyond the password, a credential stolen by a keylogger no longer opens the door on its own.
  4. Email and web securityMost malware arrives by email or through a link. Filtering messages and blocking malicious sites cuts the most-used vector.
  5. Training the peopleSince the most common entry is human, a team that recognizes the suspicious attachment and the odd request is the first line of defense.
  6. Isolated, tested backupIf malware does get through, a backup separated from the network and with tested recovery is what restores operations without paying a ransom.

In practice

The question that reveals the real risk: if a new piece of malware, with no known signature, ran on a company computer right now, would what is installed today catch it by its behavior, or would you only notice after the files were already encrypted?

How Zamak protects your company against malware

Zamak Technologies treats malware as a layered problem, not a single product. The base is advanced endpoint defense, which detects by behavior instead of relying on a list of known threats, combined with managed updates, email security, a second identity check and isolated, immutable backup, all monitored by a security operations center. That way, even never-before-seen malware runs into more than one barrier. A good starting point is the security maturity check, which shows in minutes where your company is most exposed.

Frequently asked questions about malware

What is the difference between a virus and malware?
Malware is the umbrella term for all malicious software. A virus is just one type of malware, the kind that attaches to a legitimate file and spreads when the file is opened. Every virus is malware, but not all malware is a virus: ransomware, spyware and trojans are also malware and work in different ways.
Does traditional antivirus still protect against malware?
It helps against threats that are already known, but on its own it is no longer enough. Traditional antivirus compares files against a list of catalogued threats, so new malware, or malware that runs only in memory, goes unnoticed. Today's defense uses behavior-based detection (EDR), which watches what each program does, not just what it is.
How does malware get into a company?
Most of the time, through a human action: an attachment or link in a phishing email, a compromised website, a pirated program or an infected USB drive. Stolen credentials and unpatched software flaws are also frequent entry points.
What is fileless malware?
It is malware that never writes a file to disk: it runs directly in memory, often abusing the operating system's own legitimate tools. Because it leaves no file for traditional antivirus to analyze, it is especially hard to detect without a behavior-based defense.
Can a phone get malware?
Yes. There is malware for phones, usually disguised as a legitimate app, capable of stealing passwords, messages and banking data. Downloading apps only from official stores, keeping the system updated and being wary of links reduces the risk considerably.
Does paying a ransomware ransom solve the problem?
It is not advisable. Paying does not guarantee the data comes back, it funds the crime and it marks the company as a payer for future attacks. The safe path is layered prevention plus an isolated, tested backup, which lets you restore operations without negotiating.

Related terms

Endpoint and Identity
MFAPAM (privileged access)SSO (single sign-on)
Detection and Response
EDRMDRXDRMITRE ATT&CKSIEMSOC (security operations center)
Network and Access
ZTNAFirewallVPNSASE
Governance and Compliance
LGPDISO 27001SOC 2NIST CSFShadow ITCyber maturity assessmentHIPAAPCI DSSGDPRCMMCCIS ControlsISO 42001 (AI management)NIST AI RMFNIST 800-171FTC SafeguardsISO 27701 (privacy)FedRAMPGRC (governance, risk, compliance)vCIOvCISO
Concepts and Fundamentals
Deep webZero TrustDefense in depthAttack surfaceEndpointLeast privilege
AI and Security
Shadow AIAI governancePrompt injectionOWASP LLM Top 10Deepfake