GridinSoft Threat Intelligence

Malware categories and detection taxonomy

A structured index of ThreatInfo reports grouped by detection family, prevalence, and investigation context.

Threat taxonomy

How ThreatInfo groups observed malware reports

These categories organize file reports by GridinSoft detection context. The distribution below reflects indexed ThreatInfo observations and helps separate high-volume unwanted software from lower-volume, higher-risk families such as ransomware, password stealers, and backdoors.

Indexed category hits 91,294

Prevalence snapshot

Most represented categories

Adware 38.5% PUP 36.7% Trojan 8.0% Worm 6.7% Virus 4.1% Ransom 2.1%

Browse reports

Detection categories

Adware 35,177 reports Programs that inject advertising, change browser behavior, or monetize traffic through bundled components. PUP 33,500 reports Potentially unwanted programs, bundlers, installers, and utilities with intrusive behavior. Trojan 7,307 reports Malware disguised as legitimate software or delivered through deceptive packaging. Worm 6,089 reports Malware capable of spreading across systems, removable media, or networks. Virus 3,787 reports Self-replicating or infecting malware families and related samples. Ransom 1,897 reports Ransomware families and files associated with encryption or extortion workflows. Hack 765 reports Tools used to bypass protections, alter software behavior, or enable unauthorized access. Hijack 612 reports Browser, shortcut, proxy, or system-setting changes that redirect user activity. Risk 368 reports Riskware and dual-use utilities that may be legitimate but require careful review. Pack 336 reports Packed or protected files where obfuscation makes trust and intent harder to verify. PWS 306 reports Password-stealing malware and credential collection components. Backdoor 295 reports Remote-access components that can give an operator control over an affected system. Susp 233 reports Suspicious files with signals that require additional review before trust. Virtool 225 reports Virus tools and malware utilities used for modification, loading, or abuse. Crack 208 reports License bypass tools and modified installers that commonly arrive with unwanted payloads. Rootkit 105 reports Low-level components designed to hide activity, persistence, or system changes. Spy 45 reports Monitoring components that collect activity, system data, or user information. Patch 25 reports Patchers and modified binaries often distributed outside trusted software channels. Fake 14 reports Impersonated utilities, installers, or security tools that misrepresent their purpose. Fraud 0 reports Software associated with deceptive billing, scare tactics, or abuse-oriented workflows.