Drain
Malicious smart contract. The main task is to pump out all the cryptocurrency on the user's wallet. When connected, it issues a request for trust management of assets and if you sign it, then all the cryptocurrency will go to the attacker. The most expensive option is equal to Stealer-IOS and costs from 4k$-10k$
Clippers (Trojan)
This is one of the types of Trojan for replacing the clipboard. The clipper replaces wallets/links copied by the user with wallets/links of the creator. Usually not noticed by antivirus.
Silent Miner (Trojan)
Unlike classic Trojans, new malware is designed to spread among private users' systems - they do not need information, passwords or credit card data. These viruses are only interested in the hardware capabilities of the computer - they mine cryptocurrency
Trojan
The main specificity of a Trojan is to deceive victims by using a shell of harmless software. As a result, the pure form of a Trojan is expressed only by its shell, no more and no less. In comparison with a virus (as well as with many other malware), a Trojan does not have execution algorithms as such, because it is only a shell, a form without content. In itself, it is meaningless, like a virus that does not execute specific logic, but only due to such information about pure functions we will be able to consider compositions of heterogeneous software more qualitatively.
Worm-virus
The main specificity of the worm is its self-replication, due to which it becomes capable of duplicating itself both within one system, creating multiple copies in directories, and moving through systems, creating its own copy in each individual one. Unlike a virus, which has exactly the same self-replication mechanism, a worm does not penetrate into existing software, but creates its copy as a separate file.
Ransomware
The main specificity of the encryptor is the encryption of files on the victim's system, so that the victim cannot restore everything previously encrypted. In this case, the victim simply loses all the files that he/she has ever saved. Often, the encryptor is also called a ransomware, which is justified to a certain extent, since such a ransomware often personally offers a way to decrypt all previously encrypted files for a ransom in monetary equivalent. Unlike the previously considered viruses, Trojans and worms, which do not have destructive logic as such in their execution, encryptors, on the contrary, present an undisguised process of destruction as pure logic.
Locker
The main specificity of a locker is blocking the victim's actions when working in the system. In this case, the victim either cannot move the mouse, or cannot view files, or may not have access to the file system at all. A locker is also sometimes called a ransomware when it blocks the victim's screen and displays a field for entering an unlock password and details with the need to "buy out" the ability to continue using the system. Unlike a ransomware, which blocks access to files by encrypting them, lockers use interface blocking without harming the files themselves.
Rat (Remote Access Trojan)
A remote access program itself is not malware, however, it can be used as such. In the presentation of pure functions, remote access programs are exclusively the fact of data transfer from one system to another, no more and no less. Accompanying actions (including destructuring) can be considered as a combination of applications of several programs. From the point of view of our concept, this will not be entirely correct, because remote access programs in their pure form are separated from Trojans, and as a result, do not represent a method of any deception. Plus, a remote access program can be installed by other methods, different from Trojans, because of which the term RAT itself begins to lose its validity completely. In this case, for subsequent abbreviation, I will sometimes use the abbreviation RAP - Remote Access Program (it will sound strange, I agree).
Stealer
The main specificity of a stealer is the automatic theft of information from the victim's system. Unlike viruses, worms, Trojans, remote access programs, a stealer reduces a pure function to a specific action-result, similar to lockers and encryptors. Stealers in their form are numerous, ranging from spyware programs (Spyware), reading information in a streaming mode from the keyboard and webcam, ending with stealers loaded onto a flash drive or installed as code in Arduino for automatic launch
Rootkit-virus
The main specificity of a rootkit is concealment of actions, covering up traces or ensuring fault tolerance in the execution of certain programs. A rootkit in its pure form does not inherit a specific destructive logic, as encryptors, lockers and stealers adhere to, but at the same time it ensures concealment of their actions or prevention from their premature shutdown. Thus, rootkits can be considered as some assistants that ensure the uninterrupted execution of specific external functions.
Bootkit-virus
The main specificity of a bootkit is calling programs before loading the operating system, as a result of which the bootkit becomes able to effectively hide previously launched processes that cannot be seen by standard OS tools. The pure function of a bootkit is only the ability to perform established actions without defining their purpose. In other words, a bootkit, technically, in its pure form, can be harmless, storing "hello, world" in a certain sector of the HHD or SSD before loading the OS.
Bootnet
The main specificity of a botnet is the cooperation of many infected victims (bots) in order to carry out a planned action that requires a lot of computing resources. An example of such malware can be miners that calculate the required hash in a Proof-of-Work task. Another example of botnets can be a distributed denial of service (DDoS) attack. A botnet can be both centralized and decentralized. The latter form can also be divided into two types - controlled and uncontrolled botnet. In the first case, there is a controlling node, while in the second case there is no control of actions at all
Setup Wizard
The main specificity of the installer is the automatic download and launch of programs. To a certain extent, installers are similar to remote access for the simple reason that both are malware created to transport data. But unlike remote access, the actions of which are carried out manually and are directed from the attacker to the victim, installers act completely autonomously according to a specific algorithm, and their actions are the opposite of remote access and are directed from the victim to the attacker.
Cleaner-virus
The main specificity of the cleaner is the irreversible deletion of all possible files on the victim's system. Unlike many encryptors, which make it possible to decrypt all encrypted information by transferring money, cleaners act more radically.
Setup
The main specificity of the initializer is the installation of malware in the process of automatic startup by the operating system after its start. It is one of the most common assistants due to its relative simplicity and the ability to reproduce the execution of programs even after the system is restarted. In addition to the fifteen malware I mentioned above, there is also a huge number of other all sorts of software, ranging from programs with an endless cycle of opening/closing disk drives, programs that clog up all disk space and ending with bioskits. Nevertheless, the above list will be enough for us to consider the possibilities of combining, as well as to begin to classify malware by the method of application in conjunction with other malware.
