Why do cybercriminals use malware?

Malware warning on a computer screen
(Image credit: Unsplash / Ed Hardie)

People turn to crime for a variety of reasons including revenge, greed, pride, and the thrill of getting away with it. Cybercriminals aren’t much different in their reasons for releasing malware on computers. No matter the reason, or the threat used, being a victim is hard to recover from because it takes time and often money to get your system back up and running.

Malware is any threat used to disrupt the normal use of your computer. For example, viruses cause your computer to slow down while rootkits are used by hackers to use your computer remotely without you knowing. Worms can be passed on from computer to computer through shared files and programs, and phishing schemes trick you into giving your personal information away.

Here are some of the malware used by PC mobsters, what they target, why they are used, and some ways to protect yourself from becoming a victim. Each is recognized and blocked by the best antivirus software, though some solutions do a better job than others. 

Malwarebytes Premium is today's best anti-malware tool
Save 25% on your security:

Malwarebytes Premium is today's best anti-malware tool
Save 25% on your security:
Sometimes free software just isn't enough. Malwarebytes Premium is reasonably priced and uses heuristic analysis to identify new strains of malware, cleans up existing infections, helps protect you from phishing scams, and helps stop you downloading further malicious software.

Save 25%| $44.99 $33.74

 Wreak havoc

Almost like a teen trying to get a reaction, many cybercriminals simply like the idea of making your life miserable. These criminals set loose worms, viruses, and rootkits simply to cause your computer to slow down. Some clone social media accounts to send annoying spam messages to your contact. Others hack your accounts to send inappropriate images and texts to cause embarrassment.

There are criminals who use the havoc tactic as a first wave to set your system up for a more damaging infection. But at the heart of it all, being infected with any malware is a headache and is difficult to remove once it is on your computer. In some instances, like rootkits, the malware looks and acts similarly to legitimate programs. Traditional antivirus software installed after an infection can have a hard time recognizing it all.

Malwarebytes is an antivirus solution that is really good at finding and removing malware after an attack. While it’s better to avoid an attack in the first place, malware removal tools are helpful in this situation. 

 Identity theft 

Identity theft is like a bad penny that keeps showing up long after you think it's gone. Once your information is on the black market it’s nigh on impossible to reclaim it. So many types of malware are used to swipe, hack, or trick you into giving out your personal information. For example, spyware crawls through your computer looking for usernames and passwords to bank accounts, email addresses, and credit card numbers that are saved in Word documents or in digital receipts. 

Never save personal information on your computer because spyware can easily find them. If you have difficulty remembering login information, look into using a password manager. These programs encrypt information and secure them in a way that malware can't see. And for added protection when shopping or banking online choose an antivirus solution, like Trend Micro, that includes safe banking tools to keep personal and financial information locked down.

Another clever threat used by cybercriminals is phishing schemes. These are usually sent as email messages that look like they are from a legitimate source. For example, you could get an email that looks like it is from PayPal asking you to click a link and update your password. However, you will be redirected to a site that looks like PayPal but is actually a scheme to capture personal information.

Other phishing schemes come through instant messages from people pretending to be friends or family members. Some are so good at disguising themselves that it’s hard to ignore their pleas for financial help and transfer a few dollars. There are also phishing schemes that look like legitimate advertisements. But, like phishing emails, you will be redirected to a fake site where personal information is collected to be later sold or used.

For phishing schemes, there are antivirus programs that can help, especially when trying to reach a malicious website. Antivirus, and even web browsers, will usually display a warning message causing you to pause before continuing. But for direct messages, it’s better to pick up the phone and call the person directly to double-check if they really are asking for help.

Unlocked padlock on a computer keyboard

(Image credit: Unsplash / Fly:D)

 Monetary gain

One of the biggest reasons for using malware is to make money. Some of these ways, even with malware, isn’t illegal. For example, adware is used to track your online search history and create ads specifically for you, which is both creepy and annoying. The ads may not necessarily be malicious, but some cybercriminals use them to attach other threats, or to redirect you to a malicious website. Or, it could be used simply to get you to visit and shop at a specific site so the cybercriminal gets a kickback.

A good way to stop adware is to use a VPN service. VPNs block your online identity so it is hard for anyone to trace your online history back to you. Some VPNs even let you funnel specific information through them, so you can enable it when shopping or browsing, but turn it off while accessing social media or non-essential web pages.

Malvertising is when a cybercriminal embeds malware into an advertisement. This could be a file that downloads when you click on the ad or redirects you to a page that looks legitimate but is actually a phishing scheme. Cybercriminals have been doing this for so long it is hard to tell legitimate companies from a scheme. 

One way to reduce the risk of malvertising is to visit the company by typing its URL into the address bar. You can also do a search for the actual company’s website through a legitimate search engine, like Google, which tags legitimate sites as safe before you visit them. Any advertisement that you see out there on the web will be listed on the company’s site if it is a legitimate offer.

The most dangerous malware is ransomware. This threat locks down important files and programs, holding them hostage until you pay the criminal to release them. Payment is required through cryptocurrency, gift cards, or other payment that isn’t easily tracked. The worst part is often after the ransom is paid, the criminal disappears and leaves your files locked.

Protecting yourself from cybercriminals ransomware isn’t hard. In addition to antivirus software, all of which recognize and block ransomware, you can use an encryption service to lock down your files yourself in a way that ransomware doesn’t recognize.

Nikki Johnston
Commissioned Editor

Nikki is a commissioned editor for Future Plc covering internet security including antivirus and VPN. With over 18 years of research and writing experience, and 11 years of testing and reviewing internet security solutions, Nikki knows how to dive deep to get the information consumers need to make better buying decisions. She is also a mom to 10 children, and personally uses many of the products she reviews to ensure the safety of her own family.