What is malware, and what's the difference between a virus, ransomware, and a trojan?

Quick answer

Malware is any software written to do something harmful to you or your device — viruses spread, ransomware encrypts your files and demands payment, trojans pretend to be something useful, and spyware quietly watches; in 2026 most home malware arrives through scam downloads, pirated software, and links in phishing messages, not mystery email attachments.

What it's NOT

Malware is NOT only a Windows problem (Macs, Android phones and increasingly iPhones get malware too), it is NOT always loud and obvious (most modern malware tries to stay quiet so you keep using the infected device), and 'I have a Mac so I'm safe' is NOT a real strategy anymore — Macs are still safer on average but no longer immune.

More context

Malware is the umbrella term for malicious software — anything written specifically to do something to you or your device that you would not have agreed to. Inside that umbrella, the categories are about behaviour rather than appearance:

  • Virus. Malware that copies itself into other files or onto other devices. Pure self-spreading malware is mostly a historical category now; “I have a virus” usually means “I have some kind of malware”.
  • Worm. Malware that spreads across networks on its own, without needing a user to click. WannaCry (2017) and NotPetya (2017) are the famous examples — both crossed continents in hours.
  • Trojan. Malware disguised as something legitimate that you install yourself. Most modern home infections are trojans: cracked software, fake VPNs, fake banking apps, fake “free” tools.
  • Ransomware. Malware that encrypts your files and demands payment for the key. For businesses, this is the dominant threat of the last decade; for individuals, it still happens but less often. Either way, the practical defence is offline backups.
  • Spyware. Malware that watches you — keystrokes, screenshots, microphone, camera. Includes commercial stalkerware sometimes installed on a partner’s or child’s phone, which is illegal in most jurisdictions without explicit consent.
  • Adware. Malware whose main effect is to inject ads, redirect your searches, or change your browser settings. Annoying rather than catastrophic, but often a sign that something worse is also installed.
  • Rootkit. Malware that hides itself deep in the operating system to avoid detection. Less common on home devices in 2026; the OS-level defences make rootkits hard.
  • Botnet client. Malware whose job is to silently lend your device’s bandwidth and CPU to a criminal network — usually for sending spam, mining cryptocurrency, or attacking websites.

How malware actually arrives in 2026 — the ranking matters because the defences differ:

  1. Tricked downloads. Cracked games and software, fake “free Photoshop”, fake VPN apps, fake driver-update tools. Easily 50%+ of home infections.
  2. Phishing links and attachments. Documents called Invoice_2026.zip, fake delivery PDFs, links that download an .exe or .dmg you did not realise was an installer.
  3. Malicious mobile apps outside official stores. Android sideloading is the main path; iOS is mostly safe unless the device is jailbroken.
  4. Browser extensions. A well-rated extension can be bought by an attacker, then pushed an update that silently injects malware.
  5. Fake software updates. Pop-ups saying “your browser is out of date” or “Flash Player needs updating”.
  6. Drive-by downloads on shady sites. Less common now thanks to modern browsers, but still occasionally a path on outdated systems.
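
A check for item 2 above (a file whose name looks like a document but which is really a program, including one packed inside a ZIP), as an added example that is not part of the original page. The extension lists, function names and sample files are assumptions made for illustration; the sample bytes are constructed and harmless.

```python
import io
import os
import zipfile

# Extensions that run or install something when opened (illustrative, not exhaustive).
RUNNABLE = {".exe", ".scr", ".msi", ".bat", ".cmd", ".js", ".vbs", ".lnk",
            ".dmg", ".pkg", ".apk"}
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Leading bytes that identify a program regardless of what the file is called.
PROGRAM_MAGIC = {b"MZ": "Windows program", b"\x7fELF": "Linux program",
                 b"\xcf\xfa\xed\xfe": "macOS program"}

def check_file(name, head):
    """Reasons to distrust one file, from its name and its first bytes."""
    reasons = []
    stem, ext = os.path.splitext(name.lower().rstrip(". "))
    if ext in RUNNABLE:
        reasons.append(f"runs or installs when opened ({ext})")
        if os.path.splitext(stem)[1] in DOCUMENT:
            reasons.append("document-style name with a hidden second extension")
    else:
        for magic, kind in PROGRAM_MAGIC.items():
            if head.startswith(magic):
                reasons.append(f"named {ext or 'without extension'} but content is a {kind}")
    return reasons

def review_download(name, data):
    """Check a download and, if it is a ZIP, every file packed inside it."""
    findings = [f"{name}: {r}" for r in check_file(name, data[:8])]
    if data.startswith(b"PK\x03\x04"):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                head = b""
                try:
                    with archive.open(info) as member:
                        head = member.read(8)
                except RuntimeError:  # password-protected member
                    findings.append(f"{name} > {info.filename}: encrypted, not inspectable")
                findings += [f"{name} > {info.filename}: {r}"
                             for r in check_file(info.filename, head)]
    return findings

def build_sample_zip():
    # Constructed sample: harmless bytes that only carry the "MZ" marker.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_2026.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"constructed sample text")
    return buf.getvalue()
```

An empty result only means no mismatch between name and content was found; it is not a malware scan.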

What to do when you suspect an infection:

  • Disconnect from the internet if you suspect active ransomware or data theft — pull the Wi-Fi, unplug the cable.
  • Run a scan with the built-in antivirus (Defender on Windows, the platform’s own protections on Mac). Add a free reputable second opinion (Malwarebytes is the well-known one for home use).
  • From a different, trusted device, change passwords on important accounts (email, bank, password manager). Do not trust the possibly-infected device for password resets.
  • For ransomware, do not pay first. Most reputable backups (Time Machine, Windows File History, cloud backups with version history) let you restore. The decryption keys for many ransomware families are now public on nomoreransom.org.
  • For phones, factory reset is the brutal-but-reliable answer if scans are inconclusive.

Prevention is almost entirely about behaviour: install software only from official stores or known publishers, do not pirate software, treat unexpected attachments as guilty until proven innocent, keep the OS up to date, and keep an offline backup of irreplaceable files (photos, documents).

People also ask

What is the difference between a virus and ransomware?

A virus is malware that copies itself from file to file or device to device — the spreading is the defining trait. Ransomware is malware whose goal is to encrypt your files and demand payment for the key. Some ransomware also spreads like a virus (WannaCry, NotPetya), but most modern ransomware is delivered manually by attackers after they have already broken in. So a virus describes *how* malware moves; ransomware describes *what* malware does.

What is a trojan?

A trojan (short for 'trojan horse') is malware that pretends to be something useful — a cracked game, a fake VPN, a 'free Photoshop' download, a fake banking app on Android — so that you install it yourself. There is no spreading involved; the trick is convincing you to invite it in. Most modern home malware is delivered this way, plus malicious browser extensions and fake software updates.

How does malware get on my computer or phone in 2026?

Five main ways: (1) downloading pirated or cracked software, (2) installing fake apps from outside the official app stores, especially on Android, (3) clicking links in phishing emails or SMS that download a 'document' or an 'invoice', (4) malicious browser extensions, (5) fake software-update pop-ups ('your Flash Player is out of date'). 'Old-school' email attachment viruses still exist but are rare for ordinary households; the modern threat is social, not technical.

What are the signs my device might be infected?

Honest answer: modern malware tries hard not to give signs. The unreliable hints — sudden slowness, weird pop-ups, the browser homepage changing, battery draining unusually fast, mysterious files appearing — are worth investigating but often have other causes. The reliable signals are: an antivirus alert, your bank flagging transactions you did not make, friends saying you sent them strange messages, or a ransom note on screen. When in doubt, run an antivirus scan and change important passwords from a different, trusted device.

Do I still need antivirus in 2026?

On Windows, the built-in Microsoft Defender is genuinely good and is enough for most households — you do not need a paid product on top. On Mac, the built-in protections (XProtect, Gatekeeper) plus careful behaviour are usually enough; a free reputable scanner can be added for peace of mind. On Android, install only from the Play Store and keep Play Protect enabled. On iPhone, third-party antivirus is mostly theatre — the OS sandboxing makes traditional malware very difficult. See [antivirus](/en/library/everyday/antivirus/) for more.
