About malware
For individuals, malware’s impact can be devastating — they can lose large amounts of money, personal data, and access to their important accounts.
Businesses impacted by malware can face expensive downtime, extra costs for recovering their systems and information, damage to their reputation, and a loss of customer trust.
Malware often comes disguised as useful-looking software or an urgent security warning. A symptom commonly reported to the NCSC is a sudden pop-up box that claims a computer is locked or infected. Fake alerts like this may include a phone number to call for ‘tech support’ and they often mention Microsoft or another recognised IT brand. Calling the number will not connect you with a genuine technician; instead, you will find yourself talking with a scammer who is likely to demand either upfront payment or remote access to your computer. In some cases, the malware will even disable the ability to close the pop-up, which can create panic and make the user think they need to act as soon as possible.
Also dangerous is malware that users have inadvertently installed themselves. Some cases reported to the NCSC began when a user interacted with someone in an online chat group or community page who shared a link to a malicious download. They may have claimed it was a ‘free system cleaner’, an ‘AI tool’ or a ‘game patch’. The person may have seemed trustworthy because they were a familiar name or appeared in a friendly setting. Such files, when downloaded, may contain spyware or credential-stealing malware that quietly runs in the background without the user realising what has happened.
We recommend that you don’t install software just because an acquaintance, influencer, or social group suggests it. Always take the time to verify links, use the official app stores, and keep security software active where possible. Malware can appear with a friendly face and false warnings, so maintaining a healthy suspicion is a strong form of defence.
Malware trends in 2025
The NCSC has observed a cyber security landscape that is being shaped by a new generation of threats. Malware has quietly evolved from traditional viruses into sophisticated forms that are adaptive, service-based, and even partially autonomous. Attackers are beginning to leverage artificial intelligence in combination with social engineering to create threats that are increasingly difficult to detect and remove. Here are some notable malware trends and developments.
Password stealers and hidden control
It’s such an easy mistake: a momentary lapse of judgement from an individual or business employee is enough to make them click on a malicious link – perhaps about an unpaid invoice or an attractive job offer. The link quietly downloads info-stealing malware, and the programme immediately begins to collect information like email passwords, logins, and cryptocurrency keys, then transmits this to an attacker.
With access to these credentials, the attacker can unlock wider systems and workspaces like Microsoft 365 or Google Workspace. When they’re inside, the criminals may install a remote access trojan (RAT). A RAT enables them to browse files, watch screens, or even operate webcams remotely. With this access, they can copy sensitive data, inject ransomware, or impersonate staff in business email compromise (BEC) attacks targeting external suppliers or contacts.
Malware-as-a-Service
Cybercrime has gone through its own industrial revolution in recent years, with models such as malware-as-a-service (MaaS) offering inexperienced or non-technical criminals the ability to conduct their own malware campaigns using pre-built attack tools, often in exchange for a set fee or a share of the profits from the attack. MaaS operations are found on the dark web, and their services can resemble legitimate business models – featuring dashboards for users, customer support availability, and even different subscription tiers.
The emergence of MaaS means that malware is no longer the exclusive domain of sophisticated hackers; now anyone who has elementary digital skills and can pay with cryptocurrency is able to conduct ransomware campaigns, deploy credential stealers, or even command botnet attacks. In exchange for a modest fee, cybercriminals can obtain browser logins, cryptocurrency wallet details, and personal credentials. MaaS developers can even push out automatic updates to introduce new features and improve the malware’s ability to evade detection.
Living off the land and fileless malware
Living off the land (LotL) is a technique in which a cyber intruder avoids detection by leveraging the existing system utilities on a computer rather than introducing new ones. Because the intruder installs no additional suspicious files, traditional antivirus software may not detect anything out of the ordinary. The only clues may come from unusual behaviours – for example, a trusted system tool may start running at strange hours or contacting external servers.
Often used in conjunction with LotL is fileless malware, which is a type of malicious delivery that leaves barely any trace on the systems it impacts. Instead of installing a programme and leaving files on a hard drive, fileless malware can exploit tools that are already built into operating systems, like PowerShell or Windows Management Instrumentation (WMI). Fileless malware works within a computer’s memory.
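The behavioural clues described above (a trusted built-in tool running at strange hours or contacting external servers) can be checked in process and network event logs. The following is an added example, not part of the original NCSC guidance; the log format, sample events, tool list, working hours and internal address ranges are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime

# Built-in Windows tools named on the page (PowerShell, WMI). Binary names,
# working hours and internal ranges are assumptions; tune them per site.
WATCHED_TOOLS = {"powershell.exe", "pwsh.exe", "wmic.exe", "wmiprvse.exe"}
WORK_HOURS = range(7, 19)  # 07:00-18:59 local time
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample events: timestamp|host|process image|remote IP ("-" = none)
SAMPLE_EVENTS = r"""
2025-03-04T10:15:02|PC-014|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|10.0.4.20
2025-03-04T02:41:37|PC-014|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|203.0.113.45
2025-03-04T03:05:11|PC-022|C:\Windows\System32\wbem\WMIC.exe|-
2025-03-04T14:20:00|PC-031|C:\Windows\System32\wbem\WMIC.exe|198.51.100.7
2025-03-04T23:10:09|PC-031|C:\Program Files\Mozilla Firefox\firefox.exe|198.51.100.7
"""

def is_external(ip_text):
    """True when the remote address is outside the assumed internal ranges."""
    if ip_text == "-":
        return False
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)

def find_suspicious(log_text):
    """Flag watched tools that run at odd hours or talk to external hosts."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, host, image, remote = line.strip().split("|")
        tool = image.rsplit("\\", 1)[-1].lower()
        if tool not in WATCHED_TOOLS:
            continue  # not a built-in admin tool we are watching
        reasons = []
        if datetime.fromisoformat(stamp).hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if is_external(remote):
            reasons.append("external connection to " + remote)
        if reasons:
            findings.append((host, tool, reasons))
    return findings

if __name__ == "__main__":
    for host, tool, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"{host}: {tool}: {'; '.join(reasons)}")
```

A finding here is a prompt for review rather than proof of compromise, since administrators also run these tools legitimately.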
AI-powered malware
In 2025, we have seen the emergence of AI-powered malware: code that can make simple decisions without human oversight. This new breed of programmes can adapt automatically to new security environments, avoid detection by rewriting sections of their own code, and choose their own target when an opportunity presents itself.
AI tools can also greatly enhance social engineering techniques. AI can generate phishing messages or fake websites that look extremely convincing, and can mimic specific writing styles, corporate branding, and even slang used in a particular community. As a local example, AI can flawlessly craft a phishing message in the Māori language. Some AI-powered campaigns can even personalise messages to their targets by using data taken from social media, making them more convincing and improving the success rate.
What New Zealanders can do
Protect your identity
Most malware starts by stealing logins. Use strong, unique passwords for each account and turn on multi-factor authentication (MFA) wherever possible. If an account offers a more secure MFA option, like an app or passkey instead of a text message, use it.
Keep your software and systems up to date
Regular updates close the gaps attackers rely on. This includes your operating system, browser and applications. Enable automatic updates on all devices.
Keep up with your business updates - Own Your Online
Watch for strange behaviour
Malware can be hard to detect, but odd system activity, like computer fans spinning hard for no apparent reason, network slowdowns, or unknown pop-ups, can be a warning sign. Businesses should use endpoint detection tools that look for unusual events, commands or scripts, not just known viruses.
Back up your data and test recovery
For businesses, the fastest way to recover from a malware incident is to restore clean copies. Keep backups separate from your main systems - attackers often try to delete them. Test your backups regularly to make sure they really work as intended.
Back up your business data - Own Your Online
Educate your people
Whether you run a business, school, or household, the human element matters most. Train staff (or family) to pause before clicking unknown links, double-check unusual payment requests, and report anything suspicious.
Build staff awareness in your organisation
Stay informed
Follow updates from the NCSC, or your industry’s security groups. The NCSC regularly publishes alerts about new scams and technical vulnerabilities.