What Is Malicious Code? 7 Real-World Examples and Prevention Methods

Artificial intelligence has dramatically changed the way hackers attack systems and applications. Cybercriminals still use their technical skills to produce malicious code and get the job done, but they can also now use AI to generate code and wreak havoc on systems worldwide. It’s one of the most critical issues DevSecOps teams must address as they build applications.

But what is malicious code and how can you prevent it from infecting your network? Read on to learn more about common types of malicious code, what happens when they’re executed, and the best ways to avoid them.

What Is Malicious Code?

Malicious code is any program, script, or software designed to cause harm by disrupting normal operations within a computer system or network. Also known as malicious software or malware, malicious code is disguised as or packaged with legitimate applications, such as websites, computer maintenance programs, and email attachments.

Malicious code differentiates itself from accidental bugs and software flaws because it causes harm by stealing information, gaining unauthorized access to systems, or crashing networks, among other things. Cybersecurity experts aren’t in total agreement on whether intent should supersede what the program actually does, but IBM and other tech giants state that programs created with legitimate intent can still act as malware once deployed.

7 Types of Malicious Codes and Real-World Examples

Understanding the different forms malicious code can take helps developers make their applications more resilient against cyber attacks. Secure coding is proactive, but in order to know what code to fortify, developers and security teams must understand what malware can do.

Here are seven common types and real-world examples of malicious codes.

1. Worms

Worms are self-replicating programs that spread across networks without any human interaction. Since they run independently, worms can spread to multiple devices in a short amount of time. After infecting a system, they can also deliver secondary damage, like using the infected system to launch a DDoS attack. They use a lot of bandwidth and compute power, which can slow down networks and devices, and organizations often only find worms after noticing performance issues.

In 2007, the Stuxnet Worm targeted supervisory control and data acquisition (SCADA) systems running Windows and disrupted operations in nuclear facilities in Iran. This highly complex zero-day threat infecting Iranian control systems wasn’t discovered until 2010.

2. Trojans

Trojans are pieces of malicious code disguised as or packaged alongside legitimate software, taking their name from the Greek myth of the Trojan horse. Once a trojan is installed, hackers can use it to steal data, lock authorized users out of their accounts, and deploy additional malware. Like worms, their stealth makes them a preferred approach for zero-day and long-term cyberattack campaigns. However, they’re not self-replicating, so they rely on social engineering to trick victims into installing and running them.

In 2023, the United States Health and Human Services called Emotet the world’s most dangerous Trojan. It was initially created to target the banking industry and has been active since at least 2014, with zero-day attack campaigns lasting between five and 15 months. Emotet is usually spread via email and can steal data by eavesdropping on networks.

3. Viruses

Viruses are pieces of malware that attach themselves to legitimate applications and files. When users share or open these infected files, the virus spreads through the system. They can corrupt data, disable critical applications, and change security configurations (like firewalls), all of which damage operating systems. Like trojans, they’re not self-replicating and require victims to open or install infected code.

The ILOVEYOU virus spread through email and infected millions of computers in the year 2000, including the United Kingdom’s House of Commons. Ironically, the virus started with a simpler intent: a 24-year-old student wanted to steal passwords and access others’ dial-up Internet services.

4. Spyware

Spying software, also known as spyware, runs in a system’s background without the user’s consent. It tracks activity and captures sensitive information like browsing history, financial details, and passwords. Cybercriminals can then sell this stolen data on the dark web or use it to compromise systems themselves. Like other types of malicious code, spyware is sometimes packaged with legitimate software. Trojans are a type of spyware, as are adware, system monitors, and tracking tools.

An Android virtual keyboard called GO Keyboard allegedly spied on users, stole sensitive data, and transmitted it to remote servers in 2017. Following these allegations and warnings from security researchers, Google removed the app from its store for downloading and running executable code outside the scope of the app.

5. Backdoor Attacks

Backdoor attacks generally install secret entry points to a system that bypass authentication controls. These backdoors can remain hidden for a long time, allowing cybercriminals to exploit and sell data or deploy other attacks from within. Some disgruntled IT workers set up backdoor attacks to retaliate against their employers if terminated. In this case, companies should look thoroughly for backdoor entry points after revoking their access.

In 2021, hackers inserted malicious code known as SUNBURST into updates for the SolarWinds Orion platform. This malware hid in plain sight, mimicking Orion software communication protocols. Since U.S. government agencies and global corporations like Microsoft used this software, the attack led to widespread disruptions.

6. Ransomware

Cybercriminals can use any of the previous five types of malicious code to deploy ransomware. It’s one of the most devastating types of malicious software because it encrypts the victim’s data and then demands ransom in exchange for the decryption key. Ransomware targeting businesses can halt day-to-day operations, leading to serious financial damage beyond the ransom. And paying it doesn’t mean cybercriminals will keep their word—or that stolen data hasn’t already been leaked or sold on the dark web.

The WannaCry ransomware hack of 2017 remains one of the most damaging cyberattacks to date. This cryptoworm targeted Windows computers based on an exploit developed by the NSA that was stolen and leaked. The virus destroyed computer systems in over 300 organizations across 150 countries.

7. Cross-site Scripting (XSS) Attacks

XSS attacks inject malicious code into trusted websites, where it then runs in a user’s browser. Unlike worms or viruses, XSS exploits vulnerabilities in an application instead of deploying malicious programs. This allows hackers to hijack sessions, steal sensitive information, and even commit identity theft.

An XSS attack compromised eBay in 2014 by injecting malicious code into specific links, which diverted buyers to another website. The spoof site looked similar to the real eBay welcome page, tricking users into continuing their shopping, and criminals used it to steal their log-in credentials.
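The two defenses that close the gap described above, contextual output encoding for text that lands in HTML and validation of attacker-supplied links, as an added example that is not part of the original post or Legit Security's product. The page template, the `ALLOWED_ORIGIN` value and the sample inputs are all constructed for illustration.

```javascript
// Added example (not from the original post): a minimal server-side renderer
// showing how reflected user input becomes XSS and how output encoding plus
// link validation prevents it. All inputs and the origin are constructed.

// Escape the five characters that let text break out of an HTML text or
// attribute context. Applied at render time, where the HTML context is known.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Only allow https URLs on the site's own origin for the "continue shopping"
// link; anything else (other hosts, javascript:, unparsable input) falls back
// to a fixed page. ALLOWED_ORIGIN is an assumed placeholder.
const ALLOWED_ORIGIN = 'https://shop.example';
function safeUrl(untrusted) {
  try {
    const u = new URL(String(untrusted), ALLOWED_ORIGIN);
    if (u.origin === ALLOWED_ORIGIN && u.protocol === 'https:') return u.href;
  } catch (_) { /* unparsable input: use the fallback below */ }
  return ALLOWED_ORIGIN + '/';
}

// Vulnerable: raw interpolation puts attacker-controlled text straight into markup.
function renderUnsafe(name, next) {
  return `<p>Welcome, ${name}!</p><a href="${next}">Continue shopping</a>`;
}

// Hardened: same template, but every untrusted value is encoded for its context.
function renderSafe(name, next) {
  return `<p>Welcome, ${escapeHtml(name)}!</p>` +
    `<a href="${escapeHtml(safeUrl(next))}">Continue shopping</a>`;
}

// Constructed inputs of the kind a reflected-XSS test case would use.
const NAME = '<script>alert(1)</script>';
const NEXT = 'https://evil.example/login';

module.exports = { escapeHtml, safeUrl, renderUnsafe, renderSafe, NAME, NEXT };
```

Run it with `node` and compare `renderUnsafe(NAME, NEXT)` against `renderSafe(NAME, NEXT)`: the first emits a live script tag and an off-site link, the second emits inert text and the fallback link.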

Techniques for Preventing and Avoiding Malicious Code

Malicious code can have a devastating impact on organizations, so the best cybersecurity strategies against malicious code stop it from ever entering your system. This requires taking a multi-layered approach that includes security tools, administrative protocols, and human brainpower:

  • Security awareness training: Some of the most damaging malware attacks compromise team members using social engineering to get security access. Companies must invest in security training so employees, contractors, and vendors can better identify suspicious emails and other attack strategies.
  • Additional blockers: Antivirus software, firewalls, and anti-scripting tools provide a layered defense strategy against malicious code. They work together to block malicious files and unauthorized network access while preventing XSS exploits.
  • System and codebase audits: Organizations should regularly audit their codebases, systems, and networks to detect and patch vulnerabilities. Automated scans and monitoring tools can identify weaknesses and alert security teams for faster action.
  • Regular backups: Companies should regularly back up their systems and data, then store these backups in isolated environments. This secures business continuity in the case of a breach—though it might not stop cybercriminals from leaking data if they find it.
  • Cyberattack playbook: Establish and document a strong incident response plan and ensure everyone knows their role, so even the most junior workers can identify a threat and know how to prioritize and report it. AI-powered tools that automate cyberdefense responses can also support a swift response.

Protect Against Malicious Code With Legit Security

Software development environments have become prime targets for malicious code injection and other vulnerabilities. DevSecOps teams need more than antivirus software and firewalls to block these issues, and IT managers need full visibility and protection across the entire supply chain.

Legit Security can help your DevOps team secure applications by offering real-time monitoring to detect suspicious activity in codebases and pipelines. Legit brings visibility into CI/CD pipelines, with extra protections to block attackers from installing backdoors or injecting malicious code during development. And by catching risks introduced by AI or malware, you can deliver proactive detection and mitigation to prevent compromised workflows from making it to production.

Find out how integrating Legit in your security stack can provide the tools you need to defend against cyber threats, protect sensitive information, and ensure business resilience. Book your demo today.
