Crimeware is a class of malware designed specifically to automate cybercrime.[1]

Crimeware (as distinct from spyware and adware) is designed to perpetrate identity theft through social engineering or technical stealth in order to access a computer user's financial and retail accounts for the purpose of taking funds from those accounts or completing unauthorized transactions on behalf of the cyberthief. Alternatively, crimeware may steal confidential or sensitive corporate information. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer valuable, confidential information.

The term crimeware was coined by David Jevans in February 2005 in an Anti-Phishing Working Group response to the FDIC article "Putting an End to Account-Hijacking Identity Theft,"[2] which was published on December 14, 2004.


Criminals use a variety of techniques to steal confidential data through crimeware, including through the following methods:

Delivery vectors

Crimeware threats can be installed on victims' computers through multiple delivery vectors, including:


Crimeware can have a significant economic impact due to loss of sensitive and proprietary information and associated financial losses. One survey estimates that in 2005 organizations lost in excess of $30 million due to the theft of proprietary information.[8] The theft of financial or confidential information from corporate networks often places the organizations in violation of government and industry-imposed regulatory requirements that attempt to ensure that financial, personal and confidential.

United States

US laws and regulations include:

See also


  1. ^ Crimeware: Understanding New Attacks and Defenses. informit. Addison-Wesley Professional. 6 April 2008. ISBN 9780321501950.
  2. ^ "FDIC: Putting an End to Account-Hijacking Identity Theft".
  3. ^ "Cyberthieves Silently Copy Your Password", The New York Times
  4. ^ Swinhoe, Dan (2020-04-23). "Pharming explained: How attackers use fake websites to steal data". CSO Online. Retrieved 2020-12-05.
  5. ^ a b Symantec Internet Security Report, Vol. IX, March 2006, p. 71
  6. ^ "Protecting Corporate Assets from E-mail Crimeware" Archived January 21, 2012, at the Wayback Machine Avinti, Inc., p.1,
  7. ^ Sood, Aditya (2013). "Crimeware-as-a-service—A survey of commoditized crimeware in the underground market". International Journal of Critical Infrastructure Protection. 6 (1): 28–38. doi:10.1016/j.ijcip.2013.01.002.
  8. ^ CSI/FBI Computer Crime and Security Survey 2005, p.15