Spyware
Malware that secretly monitors user activity and transmits collected data to an attacker or third party without the user's knowledge or consent. Unlike destructive malware, spyware's primary goal is long-term surveillance β it is designed to remain hidden as long as possible while continuously extracting valuable data. Spyware may monitor browsing activity, capture keystrokes, track location, access the camera or microphone, and record financial transactions. The collected data is used for identity theft, behavioral advertising, credential theft, or sold on criminal markets.
Browser Monitoring (Spyware)
A spyware capability that intercepts and records web browsing activity β including URLs visited, search queries entered, time spent on pages, and content of forms submitted. Browser monitoring builds a detailed behavioral profile of the user that can be sold to advertisers or used to identify banking sites and account credentials. Some browser-monitoring spyware injects advertisements into web pages viewed by the victim, replacing or supplementing existing ads with ones that generate revenue for the attacker.
Keylogger (Spyware Component)
A component commonly included with spyware that records every keystroke typed on the infected system and transmits the log to the attacker. Keyloggers capture usernames, passwords, credit card numbers, PINs, Social Security numbers, private messages, and any other text the user types. Because keyloggers operate below the application level (intercepting input before it reaches the application), they capture data even when password fields mask characters on screen. Credential theft via keylogger is one of the primary means of account takeover.
Affiliate Fraud
A spyware monetization technique in which the spyware manipulates online affiliate/referral programs to earn commissions for the attacker from purchases the victim makes. Affiliate programs pay a commission to whoever referred a customer to a sale. Spyware intercepts the user's online shopping sessions and injects its own affiliate tracking code β so when the victim completes a purchase at a legitimate retailer, the attacker's affiliate account receives the commission. The victim pays the normal price; the attacker earns money from every purchase without any interaction with the retailer.
Peer-to-Peer (P2P) Software
File-sharing networks and applications through which users exchange files directly β often used for distributing music, video, and software. P2P networks are a common spyware delivery vector because the files shared may be infected executables, and because P2P applications themselves are frequently bundled with adware and spyware in exchange for being offered as free downloads. Files downloaded from P2P networks carry a high risk of including malicious code bundled with the claimed content.
Fake Security Software (Scareware)
Malicious software that disguises itself as a legitimate security tool, typically using pop-up alerts warning the user that their computer is infected with malware. The pop-up urges the user to install a "free scanner" or "antivirus tool" to remove the supposed infection. The installed tool is itself spyware or other malware. Scareware exploits users' fear of infection to trick them into willingly installing the malware. The alerts often use official-looking graphics and mimic genuine security software interfaces.
Bundled Software
Additional software included alongside a desired application during installation, often without the user's explicit awareness. Legitimate applications may be distributed with bundled third-party software β adware, spyware, toolbars, search engine redirectors β added by the distributor (not necessarily the original developer). Bundled software is typically disclosed in the installer's end-user license agreement (EULA) or via opt-out checkboxes that are pre-selected. Users who click through installations without reading them frequently install bundled spyware unknowingly.
Adware
Software that displays unwanted advertisements, often in the form of pop-ups, browser redirects, or injected ads on web pages the user visits. Adware may be a standalone application or a component of spyware. The attacker earns revenue each time the user views or clicks an advertisement. While some adware is technically disclosed and installed with user consent (buried in license agreements), it is generally considered malicious because it operates contrary to the user's preferences and often collects behavioral data to target the advertisements.
Malwarebytes
A well-known dedicated anti-malware scanning tool used to detect and remove spyware, adware, ransomware, and other malware that traditional antivirus may miss. Unlike general-purpose antivirus software that primarily focuses on viruses and trojans, Malwarebytes and similar dedicated tools specifically target surveillance-oriented malware: browser hijackers, keyloggers, adware, potentially unwanted programs (PUPs), and rootkits. Often run alongside (not replacing) a standard antivirus for complementary coverage. Particularly valuable for spyware infections where a second scanning engine improves detection odds.
Bloatware
Unnecessary software pre-installed on new devices by manufacturers, carriers, or retailers without the purchaser's request or choice. Device manufacturers receive payment from software vendors to include their applications on shipped devices. From the user's perspective: resource-consuming, often unwanted programs present from the first boot. From a security perspective: an expanded attack surface of potentially unpatched software that the user did not choose and may not even know exists. Includes trial software, vendor-specific utilities, games, shopping apps, streaming services, and other applications.
Attack Surface (Bloatware Context)
The total number of software components that could potentially be exploited on a system. Every installed application β including bloatware β adds to the attack surface. Bloatware that the user never opens or needs is still installed software with potentially exploitable vulnerabilities. A device with 20 bloatware applications has 20 additional attack surfaces from the first day of use. Minimizing installed software (removing bloatware) directly reduces the attack surface, following the security principle of least functionality.
Third-Party Uninstaller
Specialized software designed to remove applications that the operating system's built-in uninstaller cannot fully remove. Third-party uninstallers can force-remove stubborn applications, clean up registry entries and leftover files, and handle applications with broken or deliberately non-functional uninstallers. Examples: Revo Uninstaller, IOBit Uninstaller, Geek Uninstaller. Should be used with caution and only after standard removal methods fail β aggressive removal tools can inadvertently remove components that other applications depend on. Always back up before using.
Potentially Unwanted Program (PUP)
Software that is not clearly malicious but is installed without fully informed user consent and often behaves in ways users would object to. PUPs include adware, browser toolbars, search engine hijackers, and performance "optimizer" tools that frequently do more harm than good. PUPs occupy a gray area β they are typically disclosed somewhere in license agreements (making them technically consented to) but designed to be overlooked. Anti-malware tools like Malwarebytes flag PUPs alongside clearly malicious software because their behavior violates user expectations and privacy.