What is malware?
Malware is a broad term that covers many different types of malicious software that can be installed on devices. When threat actors try to get malware installed on an endpoint—such as a laptop, desktop computer, or mobile phone—they’re doing it with the intention to harm, extort, or scare the organization.
It’s estimated that are detected daily
Oftentimes, malware makes it around IT defenses via user error or out-of-policy behaviors, such as:
- Responding to a phishing email
- Downloading files from untrusted contacts
- Clicking on malicious links
Once a piece of malware is installed, it starts its work. Depending on the type of software, it may exfiltrate valuable data, lock down the computer for ransom (see ransomware), scare the user into doing something, or quietly spy on the machine for monetary or other purposes.
Common types of malware
Some of the most common types of malware that managed service providers (MSPs) will encounter are targeted at endpoints such as laptops, desktop computers, and mobile devices.
Ransomware
Ransomware is a form of malicious software that, once installed on an endpoint, locks down the system until the user pays a ransom to have it released. When threat actors use ransomware, they sometimes encrypt the files, so the content of the computer becomes unreadable. Beyond encrypting the data, it is also becoming more common for bad actors to exfiltrate data—stealing it from corporate systems—in order to increase the chances that targets will pay the ransom.
Spyware
The definition of spyware can be broad. Some spyware is actually installed by legitimate software vendors, for example, with the intent of monitoring user activity for more benign purposes like serving ads. For the purposes of the ConnectWise Cybersecurity Glossary, we’re defining it purely in its malicious sense: software installed to spy on an organization or user with harmful intent. With spyware, hackers can monitor the activities of a user without being noticed and steal sensitive information, such as corporate or personal details.
Trojans
If the name “trojan” conjures visions of the ancient city of Troy and a wooden horse, then you’ve understood the origins of the term.
Trojans are pieces of software that masquerade as something harmless or even helpful. But, in reality, the software is performing harmful behaviors, such as stealing data. These pieces of malware are localized, meaning that they don’t spread from computer to computer (like a virus does).
Remote Access Trojans (RATs) are a specific type of trojan that allows attackers to gain unauthorized access to and control over a victim's computer or network. Unlike traditional trojans that primarily focus on stealing data or causing damage locally, RATs enable cybercriminals to control the infected system remotely.
Viruses
Last but not least, viruses are one of the most well-known pieces of malware. Most MSP clients will probably have heard of computer viruses and antivirus software. Viruses make their way onto computers through infected files, and then—like their biological counterparts—the viruses replicate and spread. When this happens, entire networks can fall victim.
These are just a few examples of malware. There are many, many more forms of malware out there. However, in all cases, the intent is the same: to damage the target and/or extract some monetary gain.
Recent malware observed by ConnectWise Cyber Research Unit
Lumma Stealer / LummaC2
Lumma Stealer is an information-stealing malware written in C that has been available through a malware-as-a-service (MaaS) model on Russian-speaking forums since at least August 2022. Developed by a threat actor known as "Shamel" or "Lumma," this malware specializes in exfiltrating sensitive data from compromised systems, including passwords, browser information, cryptocurrency wallet details, and two-factor authentication (2FA) browser extensions.
Once the targeted data is obtained, it is exfiltrated to a command-and-control (C2) server via HTTP POST requests using the user agent "TeslaBrowser/5.5". Additionally, Lumma Stealer features a non-resident loader capable of delivering additional payloads via EXE, DLL, and PowerShell.
The malware employs various deceptive distribution methods to infiltrate systems. Recent campaigns have utilized fake CAPTCHA verification pages, where users are tricked into executing malicious PowerShell commands disguised as legitimate human verification steps. Other tactics include distributing the malware through Telegram channels offering pirated software, torrents with pirated TV shows, and YouTube videos promoting cracked software.
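As an added example (not part of the ConnectWise glossary), here is a small Python detection that scans web proxy logs for the exfiltration traffic described above: HTTP POST requests carrying the "TeslaBrowser/5.5" user agent. The log lines are constructed for this example in combined log format with the full URL, as a forward proxy would record it; the destination 203.0.113.5 is a documentation address, not a real C2 server.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Combined log format as written by a forward proxy: client, identd, user, timestamp,
# request line with full URL, status, bytes, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User agent reported for Lumma Stealer's HTTP POST exfiltration (from the write-up above).
LUMMA_UA = "TeslaBrowser/5.5"

# Constructed sample log: two workstations POSTing with the stealer's user agent,
# one GET with the same agent (worth noting, but not exfiltration), normal browsing,
# and one unparsable line to show the parser skips noise instead of crashing.
SAMPLE_LOG = [
    '10.0.0.12 - - [03/Mar/2025:09:14:02 +0000] "GET http://intranet.example/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '10.0.0.12 - - [03/Mar/2025:09:15:41 +0000] "POST http://203.0.113.5/api HTTP/1.1" 200 143 "-" "TeslaBrowser/5.5"',
    '10.0.0.27 - - [03/Mar/2025:09:16:09 +0000] "GET http://203.0.113.5/ HTTP/1.1" 302 0 "-" "TeslaBrowser/5.5"',
    '10.0.0.31 - - [03/Mar/2025:09:17:55 +0000] "POST http://203.0.113.5/api HTTP/1.1" 200 88231 "-" "TeslaBrowser/5.5"',
    'garbage line that does not parse',
]


@dataclass
class Hit:
    client: str
    timestamp: str
    url: str
    size: int


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_lumma_posts(lines):
    """Return every POST whose user agent starts with the Lumma C2 user agent."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["ua"].startswith(LUMMA_UA):
            hits.append(Hit(rec["client"], rec["ts"], rec["url"], rec["size"]))
    return hits


def bytes_by_client(hits):
    """Sum uploaded bytes per internal client so the noisiest host is triaged first."""
    totals = defaultdict(int)
    for h in hits:
        totals[h.client] += h.size
    return dict(totals)


if __name__ == "__main__":
    found = find_lumma_posts(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} {h.client} POST {h.url} ({h.size} bytes)")
    print("upload totals:", bytes_by_client(found))
```

Matching on a single user agent string is brittle (a new build can change it), so treat a hit as a pivot for investigation on the client host rather than proof of infection; the per-client byte totals help prioritize, since stealer exfiltration shows up as outbound POST volume from a workstation that normally only browses.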
These methods exploit user trust and the popularity of certain platforms to propagate the malware effectively. The persistent and evolving nature of Lumma Stealer underscores the importance of robust cybersecurity measures, including user education, up-to-date antivirus solutions, and cautious interaction with unsolicited or suspicious online content.
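The fake CAPTCHA lure ends with the user running PowerShell themselves, which a defender can spot in process-creation telemetry. The following Python scorer is an added example, not ConnectWise tooling: it flags PowerShell spawned from an interactive parent (explorer.exe or a browser, an assumption about how user-run commands appear in EDR or Sysmon data) combined with hidden-window, policy-bypass, encoded-command, or download-and-evaluate options. The events and their field names are constructed for this example, and the base64 string is a placeholder, not a payload.

```python
import re
from dataclasses import dataclass

# Parents that indicate a human launched the process (assumption for this example).
INTERACTIVE_PARENTS = ("explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe")

# Command-line traits commonly paired with user-run loaders. Each one alone is weak
# evidence (admins use some of them), so they are scored rather than matched outright.
INDICATORS = {
    "hidden_window":  re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass":  re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I),
    "encoded_cmd":    re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "in_memory_eval": re.compile(r"invoke-expression|\biex\b", re.I),
    "download":       re.compile(r"invoke-webrequest|\biwr\b|downloadstring|net\.webclient", re.I),
}

# Constructed process-creation events (field names are this example's own, not a product schema).
SAMPLE_EVENTS = [
    # user-launched PowerShell with hidden window and policy bypass: the lure pattern
    {"host": "ws-07", "user": "jdoe", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -ep bypass -c "<body omitted>"'},
    # RMM agent running a patch script as SYSTEM: legitimate, uses one indicator only
    {"host": "ws-07", "user": "SYSTEM", "parent": r"C:\Program Files\RMMAgent\agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\patch.ps1"},
    # browser-spawned PowerShell with a base64 placeholder (not a real payload)
    {"host": "ws-12", "user": "asmith", "parent": r"C:\Program Files\Microsoft\Edge\msedge.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc QUJDREVGR0hJSktMTU5PUFFSU1RVVlc="},
    # a user simply opening a PowerShell console: interactive parent but nothing else
    {"host": "ws-03", "user": "jdoe", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe"},
    # unrelated process, must score zero
    {"host": "ws-03", "user": "jdoe", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


@dataclass
class Alert:
    host: str
    user: str
    score: int
    reasons: list


def basename(path):
    """Last path component, lower-cased, accepting either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons) for one event; non-PowerShell images score 0."""
    if basename(ev["image"]) not in ("powershell.exe", "pwsh.exe"):
        return 0, []
    score, reasons = 0, []
    parent = basename(ev["parent"])
    if parent in INTERACTIVE_PARENTS:
        score += 2  # a human started it: the fake-CAPTCHA precondition
        reasons.append("interactive_parent:" + parent)
    for name, rx in INDICATORS.items():
        if rx.search(ev["cmdline"]):
            score += 1
            reasons.append(name)
    return score, reasons


def detect(events, threshold=3):
    """Emit an Alert for each event whose combined score reaches the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append(Alert(ev["host"], ev["user"], score, reasons))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a.host} {a.user} score={a.score} {', '.join(a.reasons)}")
```

The threshold of 3 is chosen so that an interactive parent alone (a user opening a console) and a single flag from an RMM agent both stay quiet, while a user-launched PowerShell with any one of the loader traits fires; tune it against a week of the client's own telemetry before enabling automated response on it.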
NetSupport Manager RAT
NetSupport Manager RAT is a program that enables users to manage and control other computers over a network. It functions as a “remote access trojan,” and while it’s intended for legitimate uses such as technical support and corporate network management, it can also be misused.
The software offers various features, such as:
- Remote desktop control: Gives an administrator full access to the target computer’s screen and inputs
- File transfer: Allows moving files between the computers
- System inventory: Provides details about the target computer’s hardware and software
- Hardware and software monitoring: Tracks system performance and installed applications
- Chat functionality: Facilitates communication between the administrator and the target computer user
NetSupport Manager RAT operates by installing a client component on the target computer and a control component on the administrator's computer. These components communicate via a network connection, enabling the administrator to access and control the target computer. However, remote administration tools, including NetSupport Manager RAT, can be used for malicious purposes. Cybercriminals frequently use similar software to infiltrate computers, steal confidential information, or carry out harmful activities without the user's knowledge or consent.
FAKEUPDATES/FakeUpdates/SOCGholish
FakeUpdates, also known as FAKEUPDATES or SocGholish, is a prevalent malware campaign that emerged around 2018. It is characterized by its use of social engineering techniques to trick users into downloading malicious software disguised as legitimate updates. This malware is primarily delivered through compromised websites, where users are prompted with fake update notifications, typically for common software such as Adobe Flash Player or browser updates. These prompts are designed to appear authentic, exploiting users' trust and their urgency to keep software up to date.
Once the user initiates the download, the malware installs a backdoor on the system, providing attackers with remote access and control. FakeUpdates is often used as a delivery mechanism for additional payloads, including ransomware, banking trojans, and information stealers. The attackers leverage this access to exfiltrate sensitive data, deploy further malware, or use the compromised systems for broader campaigns.
The widespread use of compromised legitimate websites and the convincing nature of the fake update prompts make FakeUpdates a significant threat, capable of impacting a wide range of users and organizations. Its persistence and adaptability in evading detection underscore the importance of robust cybersecurity practices and user education to mitigate such threats.
XWorm
XWorm is a remote access trojan (RAT) that has been gaining traction among cybercriminals due to its versatility and stealth. Distributed primarily through phishing emails and malicious attachments, XWorm enables attackers to take full control of an infected system. Once installed, it provides remote access, allowing for keylogging, screen capturing, data exfiltration, and the ability to run arbitrary commands. XWorm is lightweight, which makes it harder to detect, and is often obfuscated to avoid antivirus detection. It can spread laterally within a network, making it particularly dangerous for corporate environments.
Recent intelligence suggests that XWorm has been updated with additional functionalities, including more advanced evasion techniques and modular components that make it adaptable to various attack scenarios. Cybercriminals are increasingly using it in targeted attacks, often against organizations with weak email security controls. There have been reports of its use in financial sector attacks, where XWorm was deployed to steal credentials and banking information. Furthermore, the malware has been spotted in campaigns linked to both espionage and financial gain, indicating its growing popularity among different threat actors. Its evolving capabilities and widespread availability on underground forums make it a persistent and adaptable threat.
The MSP role in defending against malware
As trusted IT partners, MSPs are often the frontline defense against malware for small to midsize businesses (SMBs) and other organizations. MSPs provide the technology and knowledge necessary to keep IT systems updated, and they do the actual work of ensuring that organizations are using the right tools—such as firewalls and antivirus—to catch or remove malware.
Malware can be installed in many different ways. That’s why MSPs are so critical in providing frontline defense. Some of the core ways that MSPs support cybersecurity and lower the risk of malware include the following:
Endpoint Detection and Response (EDR)
Endpoint detection and response is a cybersecurity technology that monitors and detects threats across endpoints, such as computers, mobile devices, and servers. EDR solutions provide real-time visibility into endpoint activities, allowing security teams to quickly identify, investigate, and respond to potential threats.
Most EDR tools include the following key features:
- Threat detection
- Automated response
- Forensic analysis
Endpoint Management
Hackers target endpoints 24/7. That’s why strong endpoint management is an important service. Good endpoint management will include:
- Controls to prevent unknown software applications from installing
- Ongoing scanning for every file to catch any infected items
- Health reports on a device’s performance
- And more
By monitoring and managing a client’s endpoints closely, MSPs can shore up defenses and limit some of the ways that attackers might try to install malware.
Software Patching
From household names like Microsoft 365 to third-party vendors, legitimate software is unfortunately a common vector for malware. Hackers can take advantage of vulnerabilities in older versions to install malware.
The best way to prevent this from happening is software patching. With patch management, MSPs ensure their clients are always running the most current versions of software. And with automation, MSPs can automatically update machines—removing the risk of human error and saving technicians time.
Remote Monitoring
Even before the rise in remote work due to coronavirus, MSPs were servicing clients at a distance with remote monitoring technology. Tools like remote monitoring and management (RMM) software enable MSPs to keep a close eye on all their clients’ many endpoints, often from a bird's-eye dashboard.
By monitoring systems remotely, MSPs don’t have to wait until a user brings a machine to them for a tune-up—they can catch any suspicious device or network activity from afar, and then send in help.
Security Operations Center (SOC)
As noted, security is a 24/7 job. MSPs can offer clients additional security with an expertly staffed security operations center (SOC). Working day and night, the SOC ensures that cybersecurity threats are dealt with quickly and fully. This is crucial, since all it takes is a moment’s weakness for a hacker to slip through. A SOC can also help prevent issues before they take root through ongoing research, threat hunting, applying best practices, and removing vulnerabilities before they can be exploited.
Of course, creating and properly staffing a SOC can be expensive (as much as $2.3M, according to our calculations!), which is why many MSPs may choose to partner or outsource this function. Regardless, when paired with an RMM solution and ongoing MSP support, a SOC is a powerful defense against cybersecurity threats.