Contributed by George Mack, Content Marketing Manager, Check Point Software.


Threatware refers to any type of software designed to infiltrate your computer or network – with the goal of inflicting damage or stealing user credentials. The terms ‘threatware’ and ‘malware’ are often used interchangeably, and they encapsulate the whole gamut of cyber threats, including spyware, ransomware, viruses, Trojan horses, and more.

How does threatware infect users?

Email is the most popular avenue for threatware infections. In fact, 91% of cyber attacks start with a phishing email. Phishing emails are made to look legitimate, fooling their victims into believing that the message originated from a coworker or a friend.

Once the victim opens the email, they are urged to click on a link and enter their account credentials – essentially handing their password to the threat actor. The victim could also download a malicious file, corrupting the files on the computer or giving the hacker access to company resources.

Hackers may also find vulnerabilities in a website's code that let them insert their own code, designed to damage systems or infect visitors. In other cases, threat actors attempt to infiltrate corporate networks by footprinting or port scanning to find security weaknesses.

Different types of threatware

Threatware, or malware, has increased sharply over the past several years. In 2021, organizations witnessed a 50% increase in threatware compared to 2020.

Let’s take a look at some of the most common forms of threatware that affect users.

Ransomware

Ransomware is software that encrypts the files on a victim's computer. Afterwards, the end user is no longer able to access files, data, or applications. A ransom is demanded in exchange for a key to decrypt the files. Critical infrastructure sectors – such as banking, energy, or healthcare – are more likely to pay the ransom because the services they provide are so vital. Downtime in these sectors can wreak tremendous havoc, especially on end users such as healthcare patients.

Ransomware has also evolved over time. With double-extortion ransomware, hackers not only encrypt business data, but they also threaten to release the data if a payment is not made.

Why has ransomware become so popular? Because it simply works. In 2022, experts predict that there will be one ransomware attack every 11 seconds. As long as companies continue to pay ransoms, this underground economy will continue to grow and evolve, producing newer methods of cyber extortion that demand higher amounts of money.

Spyware

Spyware is a class of threatware designed to monitor a user's activities on an infected computer. It hides on the victim's computer without their knowledge, steals private information, and sends it to threat actors. The end goal of spyware is to steal banking information, account credentials, and credit card numbers. There are several forms of spyware.

Keyloggers are one of the most popular forms of spyware, allowing hackers to record your keystrokes and steal your account credentials. Adware is another type of spyware, designed to analyze the websites you visit, present advertising popups, and redirect your web browser to unsafe websites.

Spyware’s data collection capabilities pose a significant risk to companies. It can provide hackers with access to privileged accounts that have access to corporate resources; if this happens, then hackers can steal critical data, monitor network usage, install ransomware, or carry out further cyber attacks.

Trojan horse

A Trojan horse virus is threatware that is downloaded onto your computer while appearing legitimate and safe. The term has its roots in ancient Greek mythology. In one mythological tale, the Greeks presented a wooden horse to the Trojans as a gift – in reality, the horse was hiding a force of soldiers inside, who would eventually come out and destroy the city of Troy.

Similarly, hackers do everything they can to make the program they promote appear legitimate. They’ll use phishing emails, websites, and language that mimic the communications that the real organization uses.

A popular form of Trojan attack is the fake antivirus. Sketchy websites produce popup ads on the end user's computer, prompting them to download the site's "antivirus" to remove the "eight viruses detected on your device."

What are the consequences of threatware?

Many threat actors are motivated by money, and their goals range from stealing account credentials to encrypting critical files. Thus, ransomware and spyware are often employed. These can have devastating effects on organizations. Trade secrets can be leaked. Critical files can be encrypted, putting a stop to business continuity. If you pay the ransom, you could lose up to $6 million, which is the average ransomware payment for US victims – and you are not even guaranteed to get your files decrypted.

There are signs to look for if you suspect your computer is infected with threatware. These include slow performance, redirects to unknown websites, the appearance of pop-up ads, or sudden crashes. If you notice any of these signs, your device may be infected with threatware. Run a malware scan and delete the detected files or programs that your antivirus deems dangerous.

How do you prevent threatware?

Because most cyber attacks start with phishing, train yourself and your employees to notice the red flags in a phishing email. If your organization can effectively do this, then you are protected from the vast majority of threatware.

Keeping your applications up to date is also highly recommended, as you’re patching up vulnerabilities that could provide a gateway into your network or computer.

Set strong, unique passwords that hackers cannot easily brute-force.

Finally, implement an effective cyber security solution. If you’re an end user, we recommend ZoneAlarm for complete security across all your devices. ZoneAlarm includes award-winning anti-ransomware, phishing protection, and secure browsing.

If you are responsible for the security of a business, we recommend Check Point Infinity for a completely consolidated architecture that protects your network, cloud, and end users while reducing security costs by 20%.

Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the newsletter.