Your guide to tracking and defending against malware

Get to know the many faces of shape-shifting malware.

This article was originally published on 30 October 2023. The article was republished on 27 March 2024.

Malware or malicious software is used to describe unwanted software that is harmful or disruptive to IT systems.

Key takeaways

  • How antivirus tools and other software updates (also known as patch management) could offer extra protection.
  • A list of malware in its varying guises, including ransomware, info stealer and web skimmer.
  • How cybercriminals can now buy each component of the attack chain on the dark web (part of the internet that isn’t visible to search engines), and how the bank and National Cyber Security Centre stay tuned to new developments.


“The vast majority of attacks start with an email, sometimes with a link or a document that has executables in it, such as macros in an Excel spreadsheet,” says Benjamin Clark, Mobile Threat Intelligence Specialist at the bank.

Malware is adept at remaining hidden, he adds, and could be “badged up as an invoice or a CV in a Word document or PDF which will have an executable piece of code in there that will start launching”. This is where the first line of defence, antivirus software, can be helpful.

Where possible, it helps to save bookmarks and useful links that are already trusted. “We have a lot of customers who type ‘Bankline’ into Google, for example, and, unfortunately, what threat actors do is pay for advertising space on Google so that they can link the advertisement to a malicious website or malware instead of the genuine site,” says Ben, who stays informed through regular meetings with the National Cyber Security Centre.

The bank is actively encouraging search engine providers to be vigilant and flag any suspicious requests.

The many different types of malware:

  • Remote Access Trojan (RAT): allows an attacker to take control of a user’s device, desktop or mobile.
  • Info stealer: captures credentials of targeted systems, such as banking and/or email information.
  • Crypto miners: use computing resources to mine for cryptocurrency without the victim knowing or benefiting.
  • Ransomware: encrypts or steals information and contacts victims for a ransom to return the data.
  • Web skimmer: malicious code that steals payment information like credit card data as it’s typed into online checkouts.
  • Dropper: a piece of software that is not malicious and can pass security checks even in more protected environments – like the Google Play Store, but is programmed to become malware at a later date.
  • Spyware: stealthy and hard to detect, this is used to gather information about a user or their network.

Warning signs of a malware attack

On a desktop, Ben says to look for the machine slowing down, the mouse cursor moving on its own, lots of popups, unknown programs starting, and the device crashing unexpectedly. On a phone or other mobile devices, it could be screen flickering, overheating and reduced battery life.

How the attack chain is evolving

The areas of expertise that make up the chain of a successful malware attack are now available for hire. Something that is being talked about in security forecasting is the ‘as a service’ model, where threat actors become expert in a very small part of the malware distribution journey, such as coding. This lowers the barrier for entry to threat actors, making criminal infrastructure more readily available.

A fraudster might lack in-depth knowledge or experience, Ben says, but “they can buy each component of an attack from a rental service on the dark web”, and access the market this way.

“Almost all of the ransomware families now run as an affiliate service, where basically the person organising the malware just takes a cut. You don’t have to be a skilled attacker,” he explains.

Ways to defend your business

  • Be wary of unsolicited emails and phone calls and try to click on trusted sites.
  • Make software as robust as possible with patch management (these are software updates designed to improve security), particularly on older software.
  • The NCSC regularly releases the most common vulnerabilities in software such as Microsoft Office, and it also offers businesses a free Early Warning service about potential cyber attacks.
  • Educating staff about fraud is an essential layer of security.
  • Follow good cyber hygiene – don’t reuse or share passwords, or list them in plain text documents.
  • Enable two-factor authentication wherever possible.
  • Consider setting up an incident response procedure.


Visit our Fraud Hub  for upcoming webinars and further insight.

This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of NatWest Group, as of this date and are subject to change without notice. Copyright © NatWest Group. All rights reserved.

Choose the content you want

Get business inspiration and practical tips straight to your inbox

scroll to top