Skip to main content

The world of cybersecurity (and by extension cybercrime) can often seem overwhelming and confusing, with a myriad of terms and technical phrases used to describe every aspect of its ever-evolving digital eco-system. From spoofing, phishing, and cross-site scripting attacks to packet-sniffing, worms, and HTML smuggling, the average user (whether personal or business) can be easily forgiven for running into a stumbling block or two when trying to understand the sprawling world of cyber threats.

For many, some of the simpler terms and phrases can be the most difficult. None more so than the phrase “crimeware”. Crimeware is a term regularly used in cybersecurity circles to describe a broad range of digital instruments used in hacking attacks by cybercriminals looking to exploit security vulnerabilities to gain access to confidential data and information. . Often associated with digital financial crime, crimeware is one of the biggest parts of the underground/dark cyber economy and has transformed the ways amateur cybercriminals (and non-cybercriminals) access digital tools designed for criminal activity. That’s why we’ve created this guide to crimeware, explaining what it is, what it's used for, how it works, and how you can prevent yourself (or your business) from falling victim to it.

What is Crimeware?

Crimeware is any kind of malicious software, designed to aid criminals in their efforts to undertake illegal activities online. It can be anything from a single program to a physical keylogger. As a result, any type of malware (a digital program or software used for illegal purposes by cyber criminals) can be equally considered a form of crimeware. However, not all crimeware is a form of malware, as it can equally encompass physical pieces of crimeware, such as specialist computer components and burner phones.

The term crimeware is said to have been coined by the notable cybersecurity expert, David Jevans. The Canadian tech entrepreneur is said to have used the term in 2005 at an “Anti-Phishing Working Group” in response to the FDIC article "Putting an End to Account-Hijacking Identity Theft” released in 2004.

What is Crimeware Used for and How Does it Work?

Crimeware is often used for a multitude of different cyberattacks, these include extorting money, stealing financial assets, crashing large computer systems, breaching firewalls to steal documents and other sensitive information, and identity theft. As crimeware encompasses a broad range of software and hardware, it can also be used to describe the programming that automates cybercriminal activities and the guides provided to low-level or amateur malicious actors that allow them to expand their criminal pursuits online.

As crimeware is largely analogous to malware, it works in much the same way: it infects your computer via downloads, phishing websites, weaknesses in outdated software and systems, or malicious links embedded in emails and fake online portals. Once crimeware has made its way onto your system, it can have the variety of consequences that most forms of malware do, including hiding deep in your system’s architecture whilst spying on your computer usage and looking for personal information, taking over your computer system to infect others, using your machine to provide a service to the hacker (like cryptojacking), or stealing sensitive files and data and holding that information to ransom.

Different Types and Examples of Crimeware

Again, owing to its broad definition as any piece of technology that is used to facilitate digital crimes, there are a number of crimeware examples that exist. However, some threat vectors are more common than others and all users should be aware of them.


Spyware is a software or set of malicious code that allows the hacker to spy on their victim’s digital assets and everyday processes, including the use of passwords and entry of other login details online. This also includes keyloggers that can connect to a user’s machine (digitally or physically) and monitor the keystrokes of the victim’s keyboard. Keyloggers are an ideal form of crimeware for stealing credit card information.


Adware is software that often embeds itself in a user’s system and shows them unwanted advertising whilst online, or, sometimes, when offline on their local machine. Links provided by these unwanted advertisements may be used to forward the user to fake/phishing websites and login windows to further extort the user.


This is a particularly insidious type of crimeware that finds its way onto a user’s system and encrypts (some or all) of their system’s data and assets. The ransomware will then proceed to demand financial payment (usually made in Bitcoin or another cryptocurrency) in exchange for the decryption code or release of the victim’s system.

Trojan Horses

The aptly named crimeware is a type of software or malicious code that sneaks into a user’s system disguised as a legitimate program or downloadable software. Once in the victim’s system, they are hard to detect and usually give the hacker some sort of remote access to their victim’s system (these types of Trojan Horses are usually referred to as RATs or Remote Access Trojans) and allow other forms of crimeware to be installed locally on the victim’s machine. It is for this reason that RATs and other Trojans are often used in crimes of identity theft and financial fraud.

Packet Sniffers

Sometimes known as packet analyzers, protocol analyzers, or network analyzers, this crimeware allows the hacker (or hackers) to monitor information, or “traffic”, that is transferred across a network. This form of crimeware can examine streams of data flowing between computers on a local network as well as between computers on a larger, internet-enabled network.

Worms and Viruses

Sometimes confused with each other or thought of as the same thing, viruses and worms are a form of replicating malicious code that can perform a number of different functions, including stealing data and monitoring a user’s activity. To be clear, viruses are most often attached to a benign file or document sent by a hacker, which begin to corrupt and replicate when unwittingly executed or opened by the victim. Worms, on the other hand, are stand-alone malicious programs that can self-replicate and propagate independently (across networks) as soon as they have breached the system.

What is Crimeware-as-a-Service Model (CaaS)?

Crimeware-as-a-Service, or CaaS, is a term that refers to a model of cybercriminal activity that allows experienced hackers and digital criminals to provide their services, or tools, to less experienced cybercriminals in exchange for payment. Initially, the world of cybercrime consisted of a number of trained malicious actors that chose to break laws and “trespass” in certain parts of the internet for the challenge and thrill. Often resulting in financial damage to their victims and little financial gain to the hackers themselves, the Crimeware-as-a-Service model has permitted prolific hackers and hacking groups to amass significant amounts of money over the last 20 years.

The term is analogous to the popular delivery model Software-as-a-Service, or SaaS, where software is provided by professionals to businesses when requested. The Crimeware-as-a-Service model has become an increasingly important part of the digital dark economy over the last decade and has helped a number of underground criminals to automate their activity digitally and relatively inexpensively. Equally, the creation of digital forms of traditionally non-cybercriminal activity (such as the infrastructure for digital money laundering) has allowed many more criminals to become involved in much more complex forms of extortion and racketeering.

How to Prevent and Protect Against Crimeware Attacks

As crimeware is vast, protecting your system against notable crimeware requires you to follow and implement the most up-to-date cybersecurity practices and methods.

Keep All of Your System and Software Updated

One of the easiest access points for a range of different crimeware is through exploiting weaknesses in outdated software and systems. As a result, it’s imperative that all programs (third-party or otherwise) are kept updated with the latest patches from the IT team or external developers (such as browser updates from Google or Microsoft), and that local machines are running the latest versions of their chosen operating system.

Use a Virtual Private Network

One of the easiest ways to protect from crimeware attacks is for you or your external employees to use a dedicated VPN, like Kaspersky’s VPN connection software. A VPN allows its user(s) to connect to a company’s assets remotely via a secure and encrypted digital tunnel, protecting the external and internal systems from the potential dangers of unsecured internet connections when a user is on the move. If you’d like to learn more about how VPNs work, you can take a look at our article. If you’re an owner of a business, we also recommend closing any network ports that are misconfigured or unsecured, as they can also be easily exploited through various scanning techniques by crimeware.

Make Sure to Backup All Your Data Regularly

As crimeware can take on a number of different forms, one of the best cybersecurity measures you can take is to make sure periodic backups of the server(s) itself/themselves and any important data are also backed up and stored securely offline. In this way, in the event that your data is breached by crimeware and sensitive information is stolen or held ransom by a hacker, you can easily get a recent backup so that business as usual can continue unimpeded. Remember, with any backup, it’s important that each one is tested to see if it is operating as would be expected, so don’t forget to test your recovery images as well.

Use a Dedicated Security Software

By far the simplest and easiest way to protect your personal or professional system and digital assets from a crimeware attack is to use a trusted cybersecurity provider to manage all of your digital infrastructure and data. For an all-inclusive and award-winning cybersecurity software (with remote assistance, existing threat removal, and 24/7 support) that offers you the best defense against the ever-evolving world of cybercrime, try Kaspersky Premium today. With private and uninterrupted browsing and an asset monitoring system, our dedicated security solution is one of the best ways to protect against crimeware everywhere.

Be Wary of All Attachments Sent Via Email

With the recent surge in malicious HTML attachment attacks and HTML smuggling incidences, cybersecurity specialists are warning everyone to be aware of opening attachments, even from known senders. Many different types of crimeware can be hidden in almost all file types and easily disguised as an innocuous spreadsheet or PowerPoint presentation.

Crimeware FAQs

What is Crimeware?

Crimeware is any kind of malicious software, hardware, or code designed to aid criminals in their illegal activities online. As a result, all types of malware can be equally considered as forms of crimeware. However, not all crimeware is a form of malware, as the term encompasses physical hardware as well.

What is Crimeware used for?

As the term crimeware encompasses all types of malware, crimeware can be used for all manner of cybercriminal activities. This includes the invasion of exterior systems, taking control of a local machine or network of machines, holding data and personal information to ransom, and monitoring user activity for extorting, or identity theft.

What are Crimeware examples?

As the term crimeware encompasses all types of malware and any physical piece of digital technology used to facilitate digital crimes, there are a number of notable crimeware examples, including Spyware (including Keyloggers and Packet Sniffers), Adware, Malicious Files and Attachments, Ransomware, Viruses, Worms, and Trojan Horses.

What is Crimeware-as-a-Service?

Crimeware-as-a-Service (CaaS) is a term that refers to the model of cybercrime where experienced cybercriminals offer their tools and services to other inexperienced criminals. The term is analogous to the popular delivery model Software-as-a-Service (SaaS), where software solutions are provided by professionals to businesses when requested.

Related articles:

Recommended products:

What is Crimeware?

Worried about crimeware on your system or concerned about Crimeware-as-a-Service affecting you? If so, read our complete guide to crimeware here.
Kaspersky Logo