Malware Delivery
The methods and techniques criminals use to install malicious software on a victim's device — including phishing attachments, drive-by downloads, and trojanised software.
Also known as: malware distribution, malware propagation, payload delivery
Last reviewed: 1 June 2026
Malware delivery refers to the attack vectors used to get malicious code onto a target system without authorisation. The three most common methods are: (1) phishing — email attachments (Office documents with macros, PDFs, ZIP files) or links to malicious download pages; (2) drive-by download — visiting a compromised website silently installs malware via unpatched browser or plugin vulnerabilities; and (3) trojanised software — pirated applications, cracked games, or fake utility tools that bundle malware alongside apparently functional software.
Once delivered, the malware may be a keylogger, RAT, ransomware dropper, spyware, or information-stealer depending on the attacker's goal. Modern malware often uses multi-stage delivery: a small 'dropper' arrives first, evades initial scanning, then downloads the main payload from a command-and-control server.
Prevention focuses on keeping software patched, using email security gateways that scan attachments in sandboxes, disabling macros by default, and never installing software from unverified sources.
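The attachment checks a mail gateway can apply before sandboxing, sketched as an added example (not code from this page or from any gateway product): it inspects file content rather than trusting the file name, flagging Office documents that carry a VBA macro project, archives that contain script or executable members, and files whose content does not match a `.pdf` extension. The function name, finding labels and sample files are assumptions made for illustration; the samples are constructed placeholders.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML documents and ZIP archives
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".hta", ".bat", ".ps1")

def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment should be held for sandbox analysis."""
    name = filename.lower()
    findings = []
    if name.endswith(RISKY_EXT):
        findings.append("executable-or-script-extension")
    if name.endswith(".pdf") and not data.startswith(b"%PDF"):
        findings.append("content-does-not-match-pdf-extension")
    if data.startswith(OLE_MAGIC):
        findings.append("legacy-ole-document-may-carry-macros")
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return findings + ["unreadable-archive"]
        # Content, not the file name, decides: a .docm renamed to .docx still has this part.
        if any(m.endswith("vbaproject.bin") for m in members):
            findings.append("ooxml-contains-vba-project")
        if any(m.endswith(RISKY_EXT) for m in members):
            findings.append("archive-contains-executable-or-script")
    return findings

def _zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in members.items():
            zf.writestr(path, body)
    return buf.getvalue()

# Constructed samples: placeholder bytes only, no real macros or payloads.
SAMPLES = {
    "cv.docx": _zip({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"placeholder"}),
    "report.docx": _zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"}),
    "invoice.zip": _zip({"invoice.js": b"// placeholder"}),
    "statement.pdf": OLE_MAGIC + b"\x00" * 16,
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname:14} {triage_attachment(fname, blob) or 'no findings'}")
```

A static check like this only decides what to hold back; it does not replace the sandbox, since a dropper can arrive in a file type the filter does not cover.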
Examples
- A CV attachment in a recruitment phishing email contains a macro that downloads a remote-access trojan when opened.
- A pirated copy of a popular design application includes a cryptocurrency-stealing information-stealer that runs silently alongside the cracked software.