Skip to main content


Home Ghostware

Ghostware

Ghostware definition

Ghostware refers to a type of malware designed to avoid detection by traditional security measures. It’s used to gain access to sensitive information from high-value targets such as governments. As it is designed to escape regular antivirus scans, ghostware can stay undetected for a long time.

See also: antivirus, anti-spyware, computer virus, spyware, spear phishing, bios rootkit

How to recognize ghostware:

  • Unusual network activity. Ghostware relies on communicating with its control server to exfiltrate the collected data. Unusual network activity, such as a large amount of data being uploaded or unauthorized connections could indicate ghostware.
  • Suspicious processes. Checking for unfamiliar or suspicious processes in the “Task manager” can help detect ghostware.
  • Changes to files or settings. Viruses may make modifications without the user’s knowledge.

How to remove ghostware?

  • Use an antivirus. Antivirus software can sometimes be able to detect and remove threats such as ghostware. It’s important to keep software up to date.
  • Rootkit removal tools. They can help detect and remove ghostware using rootkits to hide on the system.
  • Backup. The user may use a recent backup to restore the computer to a state before the ghostware infection occurred.
  • Professional help. As removing ghostware can be a complex and time-consuming process, sometimes it can be best to seek the help of a cybersecurity professional.