The Not-So-Black-and-White of Grayware

February 20, 2019 by Susan Morrow

We hear a lot about malware, and fair enough — malware is behind some of the world’s largest data breaches. However, malware has a cousin. This cousin is known as grayware.

Grayware, as the name suggests, sits somewhere in the middle between purposely malicious and not. At best, this software is annoying; at worst, it can act as an open doorway to actual malicious programs. As grayware apps are unlikely to have been developed using secure coding practices, they leave your IT resources, including mobile devices, open to Internet-borne threats.

Grayware, also known as Potentially Unwanted Program or Potentially Unwanted Application (PUP/PUA), is on the rise. According to Symantec’s Internet Security Threat Report 2018, there was a 20 percent increase in grayware in 2017. The report also found that 63 percent of grayware on mobile apps leaked the device’s phone number. Grayware, then, is more than an annoying pop-up: it is a threat to the security and privacy of our data.

Three Shades of Grayware

Grayware is a coverall term for a number of software programs, sometimes intentionally installed in the belief they are safe. As well as being a risk because of poor coding and lack of attention to security, they also cause other issues on a computer, including:

  • Slow performance. Grayware is usually poorly coded, and so uses up large amounts of computer resources to run
  • Almost continuous pop-ups on your computer screen
  • A browser homepage that is suddenly set to an unknown page
  • An unknown search engine opening in your Web browser
  • New Web browser toolbar items that you weren’t aware of

Some of the most prevalent grayware types include:


Adware

Adware does what it says on the box: it shows you ads. The ads are usually displayed when you open your browser.

The thing about adware is it is highly invasive. If you think that targeted marketing by Amazon is bad, adware is worse. The grayware behind the ads is designed to check out your location and capture Web surfing information. It then uses this data to serve you ads. It can also redirect you to sites you didn’t intend to visit, which then serve up further ads. The people behind the adware can also sell your data to third parties who then also serve you ads. It is annoying, but it is also a violation of your privacy.

There are a number of famous, or rather infamous, adware programs that pop up from time to time. These include RinoReader and OpenCandy Adware. Adware is often bundled with other adware or spyware (see below).

More recently, adware is being packaged with actual malware, including ransomware. Djvu Ransomware has recently been found to be installed along with adware.


Spyware

Spyware and adware are often symbiotic species — the adware feeding off the spyware. Although spyware comes under the heading of grayware, it is far from innocuous. Spyware can be installed when you agree to the T&Cs of what seems to be legitimate software downloaded from a file-sharing site, or when you open an email attachment. Spyware spies on you. The software sits on your device and quietly steals data by capturing keystrokes, screenshots, information you enter into a webform, login credentials and so on.

Spyware that is bundled with adware is designed to capture your Web browsing habits and feed them to the adware. The adware then delivers targeted ads.


Madware

Madware is adware for mobiles. The word is a portmanteau of mobile adware. If your phone becomes infected with a mad PUP, you are likely to see ads across your mobile interface, including in your photo collection, as well as ads pushed via notifications. One type of madware even sends out an ad using the ringtone of your phone.

That is annoying and even embarrassing, but worse still, this grayware can also be a security and privacy issue. Some madware will collect your mobile number, contact lists and personal data and send them to the person controlling the adware.

Symantec’s Internet Security Threat Report 2016 found a 77 percent increase in madware-infected mobile apps. The threat continues unabated, as Google Play recently had to remove 85 apps from its store that contained adware.

5 Fixes for Grayware

You can protect yourself against the annoyance, security and privacy risks of grayware with five simple fixes:

1. Patch

Grayware, like the better-known malware, can take advantage of security flaws to perform an installation. Keep your devices up-to-date and make sure security patches are installed promptly.

2. Security Awareness

Security awareness is a key way to prevent infection by all types of malware, including grayware. Use a security awareness training program to teach your extended workforce about security threats. Knowing how grayware becomes installed on a device can help to prevent that happening in the first place.

3. General Phishing Awareness

Security awareness training programs can also offer phishing simulation exercises. These help to train users in how to spot phishing attempts. They give the user a general “feel” and understanding of what constitutes an attempt by a nefarious element to install rogue software.

4. App Care

Mobile adware or madware infects mobile devices when rogue apps are installed. Make sure that your organization follows a policy of only allowing installation of mobile apps from reputable stores, and that the apps have been checked.

5. Internet Security Software Can Help

Finally, certain anti-malware products can help to prevent infection by grayware. However, it is important not to depend entirely on such solutions. New variants of grayware come out frequently. It is always a good policy to use a combination of technology and human defense solutions like security awareness to prevent infection by malware and grayware.

Keeping on the Light Side of Grayware

Don’t be fooled by the seemingly innocent name of grayware. This type of nasty software has its own malicious elements. It may seem just an annoying ad popping up on your screen, but there’s far more to it. As well as the intrinsic issues it can cause to your device, it has hidden security and privacy issues. Don’t be fooled into thinking grayware isn’t as important to protect against as malware — stay aware of the issues of grayware and stay safe.

  1. Internet Security Threat Report, Volume 23, Symantec
  2. Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles, BleepingComputer
  3. Internet Security Threat Report, Volume 21, Symantec
  4. Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users, Trend Micro
Susan Morrow

Susan Morrow is a cybersecurity and digital identity expert with over 20 years of experience. Before moving into the tech sector, she was an analytical chemist working in environmental and pharmaceutical analysis. Currently, Susan is Head of R&D at UK-based Avoco Secure.

Susan’s expertise includes usability, accessibility and data privacy within a consumer digital transaction context. She was named a 2020 Most Influential Women in UK Tech by Computer Weekly and shortlisted by WeAreTechWomen as a Top 100 Women in Tech. Susan is on the advisory board of Surfshark and Think Digital Partners, and regularly writes on identity and security for CSO Online and Infosec Resources. Her mantra is to ensure human beings control technology, not the other way around.