Malware

Malware is malicious software that can damage or destroy a device or network, or give an adversary access to a device and the data on it (AP Cybersecurity EK 4.1.B.1). It's the tool adversaries use to carry out part of an attack plan.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is malware?

Malware is short for "malicious software," and that's exactly what it is: code written to harm a device, harm a network, or hand an attacker access to your data (EK 4.1.B.1). Think of it as the weapon an adversary deploys once they've found a way in. It's rarely the whole attack by itself. EK 4.1.B.2 frames malware as a tool an adversary uses to accomplish part of a bigger plan toward their ultimate goal.

There isn't just one kind. The CED lists several types you need to tell apart. Viruses need a user to do something, like opening or running a file, before they activate. Worms are scarier in one way: they spread computer to computer with no human interaction at all. Trojans hide inside software that looks harmless, and a remote access trojan (RAT) specifically gives the attacker remote control of the infected device. Other variants you'll meet include ransomware (encrypts your drive and demands payment), keyloggers, logic bombs, and fileless malware. The common thread is that all of them exist to cause loss, damage, disruption, or destruction.

Why malware matters in AP Cybersecurity

Malware lives in Unit 4: Securing Devices, specifically Topic 4.1 (Device Vulnerabilities and Attacks). It's the backbone of learning objective AP Cybersecurity 4.1.B, which asks you to identify the type of malware used in a cyberattack. That means it's not enough to know "malware = bad software." You have to match a scenario to the right category.

Malware also ties straight into 4.1.C (how adversaries exploit vulnerabilities) and 4.1.D (assessing and documenting risk). Unpatched software lets an adversary deliver an exploit, and malware is often what that exploit drops onto the device. From there the risk follows: ransomware locks your data, a RAT hands over control, a wiper destroys memory. The exam wants you to connect the vulnerability, the malware, and the resulting damage as one chain.

How malware connects across the course

Device Vulnerabilities and Exploits (Unit 4)

Vulnerabilities are the unlocked door; malware is what walks through it. EK 4.1.C.1 explains that adversaries develop exploits for known software flaws, and unpatched devices let those exploits succeed. Often the payload that exploit delivers is malware that then steals data or takes control.

Remote Access Trojan / RAT (Unit 4)

A RAT is just one specific flavor of malware, but it's the one that gives an attacker live, remote control of your device (turning on a webcam, issuing commands). If a question describes an attacker controlling a machine from afar, that's a RAT, which is a type of trojan, which is a type of malware.

Anti-Malware and Defense (Unit 4)

Every malware type has a counter. One practice scenario flags a computer with no firewall, no anti-malware, and an unprotected BIOS as a stack of security weaknesses. Knowing what malware does is what makes anti-malware tools make sense as the fix.

Command and Control / C2 (Unit 4)

Once malware lands on a device, it often phones home to a command and control server so the attacker can send instructions. Malware is the foothold; C2 is the leash the attacker uses to direct it.

Is malware on the AP Cybersecurity exam?

On multiple-choice questions, you'll get a scenario and have to name the right term. One practice item describes attackers writing code to take advantage of an OS flaw and asks which term describes that code. The answer is an exploit, not malware, so read carefully to see what the question is naming. Other stems ask you to identify the type of malware (virus vs. worm vs. trojan) from how it spreads or activates. The big tell: if it spreads on its own with no human action, it's a worm; if a user has to open a file, it's a virus; if it's hidden in harmless-looking software, it's a trojan. No released FRQ has used "malware" verbatim, but the term supports exactly the kind of vulnerability-to-impact reasoning that Topic 4.1 free-response work rewards.

Malware vs exploit

An exploit is the code that takes advantage of a vulnerability to break in. Malware is the malicious payload that often gets delivered once the break-in works. A practice question describes attackers developing code to abuse an OS flaw. That code is the exploit; the ransomware or RAT it later installs is the malware. One opens the door; the other does the damage inside.

Key things to remember about malware

  • Malware is malicious software that can damage or destroy a device or network, or give an adversary access to a device and its data (EK 4.1.B.1).

  • Adversaries use malware as a tool to accomplish part of a larger attack plan, not usually as the whole attack by itself.

  • Viruses need a user to activate them, worms spread with no human interaction, and trojans hide inside software that looks harmless.

  • A remote access trojan (RAT) is a specific malware type that gives an attacker remote control of the infected device.

  • Malware connects vulnerabilities to harm: unpatched software lets an exploit run, the exploit drops malware, and the malware causes loss, ransom, or destruction (4.1.C, 4.1.D).

Frequently asked questions about malware

What is malware in AP Cybersecurity?

Malware is malicious software designed to damage or destroy a device or network, or to give an adversary access to a device and its data (EK 4.1.B.1). It's a core concept in Unit 4, Topic 4.1, and learning objective 4.1.B asks you to identify the type used in a given attack.

Is a virus the same as malware?

No. A virus is one type of malware, not the whole category. Malware is the umbrella term, and viruses, worms, trojans, RATs, ransomware, and keyloggers all fall under it. A virus specifically requires a user to open or run a file before it activates.

How is malware different from an exploit?

An exploit is code that takes advantage of a vulnerability to gain access; malware is the malicious payload that often gets installed once that access is achieved. The exploit opens the door; the malware does the damage inside. AP questions like to test this exact distinction.

What's the difference between a virus and a worm on the AP exam?

The key tell is human interaction. A virus needs a user to do something, like open a file, before it spreads or activates. A worm spreads from computer to computer all on its own with no human action required.

How do I tell which type of malware a question is describing?

Match the behavior to the type: needs a user to open a file = virus; spreads by itself = worm; hidden in harmless-looking software = trojan; gives remote control = RAT; encrypts the drive for payment = ransomware. The scenario's clues about how it spreads or what it does point you to the answer.
