Abandonware is software that has been shelved by its developer. As such, it is no longer updated or supported, so it may be rife with vulnerabilities.
Account harvesting is the process of gathering user accounts from a system, service, or database using a variety of methods, such as malware or phishing.
Account hijacking is the process of taking over user online accounts, such as email and social media accounts.
An ad blocker is software that blocks advertisements, including pop-ups, when a user visits websites.
Ad fraud happens when advertisers pay for ads with false impressions. For more information, see this blog post on the difference between adware and ad fraud.
Synonym: Invalid traffic
An ad rotator allows two or more ads to alternately show in the same place on a website. The rotator triggers whenever a user refreshes or revisits a site.
An add-in is software that gives additional functionality to a device or another software.
An address bar is the text box in your web browser that displays the web page URL or IP address. At times, it functions as a search bar if the user enters text that is not a valid URL.
Address bar spoofing
Address bar spoofing is a technique where the legitimate URL on a browser address bar is replaced with a rogue one. This then leads to potential data or financial theft.
Address Resolution Protocol (ARP)
The Address Resolution Protocol (ARP) is the protocol or process used to find the physical (hardware) address that belongs to an IP address on the local network.
Advanced Encryption Standard (AES)
Developed by the National Institute of Standards and Technology (NIST), Advanced Encryption Standard (AES) is a block cipher that provides fast, strong, and secure encryption of classified data. AES was created as an alternative to the Data Encryption Standard (DES), because DES had become vulnerable to brute-force attacks.
Synonym(s): Rijndael Block Cipher
Advanced persistent threat (APT)
An advanced persistent threat (APT) is a prolonged, targeted attack on a specific entity or entities with the intention of compromising their systems and gaining information from or about them. For more information, see this blog post on an in-depth look at APT and why cybersecurity professionals often groan at claims of APT attacks.
Advanced Research Projects Agency Network (ARPANET)
The Advanced Research Projects Agency Network (ARPANET) was an experimental computer network, which later on became the basis for the Internet.
Adware, or advertising-supported software, is software that displays unwanted advertising on your computer device. For more information, see this blog post on adware delivery methods.
For an in-depth look at adware, see this page.
Air gap refers to computers that are incapable of physically connecting to a network or another computer that is connected to the internet. Air-gapped systems were believed to be more secure until Stuxnet disproved this.
Other forms: Air gapping
An always-on device, software, or network denotes that it is constantly accessible.
American Standard Code for Information Interchange (ASCII)
The American Standard Code for Information Interchange (ASCII) is an encoding standard for electronic communication. Codes in the ASCII table represent text in computing devices.
In computing, analog is a term used to describe old-fashioned and slow computers and other devices.
In the context of signals, analog refers to a mechanism or device in which information is represented by variable physical quantities.
Android is Google’s flagship operating system for smartphones and tablets. Manufacturers have adapted Android in televisions, smart-watches, cars, and many other electronic devices.
For an in-depth look at Android antivirus, see this page.
An Android app is a program designed for the Android OS.
Annoybot is software that repeats an annoying task. IRC bots, for example, are annoybots that send out unsolicited messages to participants in a channel.
Annoyware is software that continuously shows reminders or pop-up windows to remind users to perform a particular action, such as registering or buying software.
Synonyms: Nagware, Begware
Anomaly detection is identifying irregularities or deviations in patterns, data points, events, or observations that do not conform to the norm or the expectations of businesses or groups. Not all detected anomalies are malicious.
Synonym: Outlier detection
Anonymization is the action or an attempt to disable the ability to track back information or actions to a specific user.
Other forms: Anonymize
An anonymizer is a tool that minimizes the amount of tracking done during surfing in an attempt to hide the true identity of the user.
Synonyms: Anonymous proxy
Anonymous, in computing, describes keeping one’s true name and identity concealed online with the use of various applications.
Other forms: Anonymity
Anti-ransomware is software specifically designed to combat ransomware. Such software could make use of specific techniques that general security tools don’t deploy.
Anti-virus (AV) killer
An AV killer is malicious code that disables the user’s anti-virus software to avoid detection. Sometimes, this term is used for malware that disables firewalls.
Antivirus is an antiquated term used to describe security software that detects, protects against, and removes malware.
For an in-depth look at antivirus, see this page.
An applet is a piece of software that usually performs one specific task. Applets are often part of a more complex program.
Application programming interface (API)
An application programming interface (API), in simple terms, is a means for different software to talk to one another. It is the code that governs its server’s access points. APIs have many uses and take many forms.
Application security is the practice of applying security measures to the software application. This has to be done to defend against threats and attacks from the outside that attempt to exploit the app.
Artificial intelligence (AI)
AI is a system’s or an application’s ability to correctly interpret and learn from data to achieve specific goals and tasks. For more information, see this blog post on how AI and machine learning can impact cybersecurity.
Synonym: Machine intelligence
Astroturfing is the masking of initiatives by corporations, governments, or political parties to make a campaign appear spontaneous or initiated by civilian groups. Sometimes, masking the origin makes a campaign more effective or less controversial.
Asymmetric cryptography is a system of secure communication that uses a pair of keys: a public key and a private key. The public key can be shared with anyone and publicly known, but the private key must be kept secret and known only to its owner.
Synonym: Public-key cryptography
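The following is an added example, not part of the glossary: a toy RSA key pair built from deliberately tiny, constructed primes so the relationship between the public and private key can be followed by hand. Encrypting and verifying use only the public half; decrypting and signing need the private half. The prime values, the exponent 17 and the message 65 are assumptions chosen for illustration; real deployments use 2048-bit moduli and a padding scheme, which this demo omits.

```python
# Added example (not glossary code): toy RSA with constructed tiny primes.
# Requires Python >= 3.8 for the three-argument pow() modular inverse.
from math import gcd

def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)) for the two primes p and q.

    n is public; d is derived from the factors of n, which is why those
    factors (and d) must stay secret while (e, n) can be handed to anyone.
    """
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: modular inverse of e
    return (e, n), (d, n)

def encrypt(public_key, m: int) -> int:
    """Anyone with the public key can encrypt; only the private key decrypts."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)

def sign(private_key, m: int) -> int:
    """The mirror image: the private key produces the signature."""
    d, n = private_key
    return pow(m, d, n)

def verify(public_key, m: int, s: int) -> bool:
    """Anyone holding the public key can check a signature."""
    e, n = public_key
    return pow(s, e, n) == m

if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)  # constructed toy primes, n = 3233
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypted:", decrypt(priv, c))
    s = sign(priv, 65)
    print("signature:", s, "verifies:", verify(pub, 65, s))
```

With these primes the public key is (17, 3233) and the private exponent works out to 2753; anyone may compute the ciphertext, but recovering the plaintext requires d, which in turn requires knowing that 3233 = 61 × 53.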
An attack vector refers to the technique used to obtain unauthorized access to a system or network. It is an integral part of vulnerability research to know which attack vector is or might be used.
Attribution is the practice of taking forensic artifacts of a cyberattack and matching them to known threats against targets with a profile matching a particular organization. For an in-depth look, see our two-part blog series on when you should care about attribution and why one shouldn’t overthink it.
Augmented reality (AR)
AR is a cross between the physical world and virtual reality. It adds images, sounds, motion, and even smell to the physical reality.
In computing, authentication is the process of verifying the identity of a user or process. For more information, see this blog post on the basics of two-factor authentication (2FA).
Other forms: Auth
An autonomous system is a group of networks managed by one large entity to ensure there’s a reliable routing policy to the internet.
A backdoor is a type of Trojan that allows a threat actor access to a system by bypassing its security. This term can also refer to the method of gaining access to user systems undetected.
For an in-depth look at backdoors, see this page.
Other forms: backdooring
A bad sector is a sector on a computer’s disk or flash drive that is already unusable. This is usually caused by physical damage.
Bait advertising is an unethical advertising practice wherein customers are promised a sale or inexpensive item. However, once customers are interested, the advertiser makes the product unavailable then redirects them to a similar product that is more expensive.
Synonym: Bait and switch advertising
A banking Trojan is a type of Trojan specifically created to harvest credentials and other sensitive financial and personal information stored and processed through online banking systems.
In the context of computer malware, behavior refers to the actions malware performs on an affected system once executed.
Behavioral biometrics is a biometric modality that dynamically analyzes and quantifies unique identifiers and measurable human patterns. For more information, see this post on the use of behavioral biometrics in the financial sector.
Big data pertains to huge datasets that can be analyzed computationally to reveal trends, patterns, and associations. Companies use big data to improve their operations and make more intelligent decisions.
Binary is a numeral system with only two different values: 0 and 1, or True and False. Binary is popular in both electronics and computing.
In computing, biohacking is a form of hacking that refers to the application of IT concepts to biological systems, usually the human body.
Biohacking can include the modification of the human body, such as introducing implants and other wearable computing tech.
Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. In biometrics authentication, personally identifiable and unique features are stored in order to give the holder access to certain resources.
BIOS stands for “basic input/output system”. It is firmware used by the computer’s microprocessor to initialize the computer when the user physically turns it on.
Bitcoin is a type of digital currency, or cryptocurrency, which is a payment medium that is not tied to a central bank or regulated by a governing body. Instead, it relies on secure storage of transactions on a technological platform known as blockchain.
Bitcoin is a popular payment method among Internet criminals, as it uses a fast, reliable, and verifiable system.
Black Friday is regarded as the unofficial start of the Christmas shopping season. Starting from midnight on the Friday after US Thanksgiving, retailers open their doors and offer numerous specials and deep discounts. Because of this, consumers often go online or to brick-and-mortar retail shops en masse.
In computing, a blacklist usually refers to a list of domains and/or IP addresses that are known or suspected malicious servers and/or domains. These lists are used to protect users from receiving mail from the blacklisted servers or from browsing to dangerous sites hosted on these domains/IP addresses.
A blended threat is an attack that makes use of multiple vectors to gain leverage on a target. This could include malware, phishing, social engineering and more.
Blue Screen of Death (BSoD)
A Blue Screen of Death (BSoD) occurs on Windows systems when a full blue screen appears to the user after encountering a fatal error.
Bluejacking is the act of sending messages between mobile devices via Bluetooth wireless connection.
Bluesnarfing refers to the unauthorized access and theft of information through a Bluetooth connection. Mobile devices, such as smartphones, laptops, and tablets that are Bluetooth-enabled can be affected by this.
Bluetooth is a wireless technology mainly used for short-distance connections between devices due to its low-power signal. Communication takes place at frequencies around 2.45 GHz. It doesn’t need a line of sight to establish a connection.
In computing, to boot a system is to turn the device or machine on and load the OS into RAM. The boot-up process is made up of different stages, depending on the setup of the system and the OS that has to be loaded.
A boot sector is part of a physical information carrier (usually a hard drive) that contains the code that has to be loaded into a system’s RAM to start the actual boot process and load the OS. The boot sector is created when a volume is formatted.
Boot sector virus
A boot sector virus is malware that infects the boot sector of a drive or other storage device. During a boot, this sector is automatically located and loaded into memory, which makes the virus harder to remove, as it loads before normal removal software.
A bootkit is a type of rootkit that alters or replaces the bootloader of the affected system in order to take control. To remove a bootkit, you need a bootable medium, which has the necessary tools to undo the changes made by the bootkit.
The word “bot” is a derivative of “robot.” It usually pertains to (1) one or more compromised machines controlled by a botmaster or herder to spam or launch DDoS attacks, or (2) an automated program coded with particular instructions to follow, which includes interacting with websites and humans via web interfaces (e.g., IMs).
A collective of bots is called a botnet.
Synonym: zombie machine
A bot herder is the threat actor who controls and maintains a bot or botnet.
Synonym: botnet herder
A botnet is a collection of bots. The term also refers to the malware run on a connected device to turn it into a bot.
Synonym: zombie network
In computing, breadcrumbs are navigation aids that tell users exactly where they are while surfing on a site or in a set of folders. Breadcrumbs show the hierarchy of links on a site or the steps in the folder structure.
Consider, for example, the address bar in a Windows explorer window, which contains breadcrumbs from a file to the folders in which it is contained.
Bricking refers to the practice or act of rendering an electronic computing device—often a smartphone—useless or inoperable. Bricking usually happens by accident, such as when a firmware update gets interrupted.
Bring your own device (BYOD)
Bring your own device, abbreviated as BYOD, is a trend wherein employees bring their personal computing devices, usually a smartphone or laptop, to be used in the workplace. These devices are then connected to the company’s internal network, which may introduce additional risks to the company.
Synonym: bring your own technology (BYOT)
Browlock is a portmanteau of “browser” and “lock”. This term is used either (1) to describe the state of an internet browser when the user is unable to perform certain actions or (2) to pertain to a malware’s malicious control over browser windows. A browlock can close the open tab or window, block access to the desktop of the system, and stop you from navigating to another site. For more information, see this blog post on browser lockers.
Browser helper object (BHO)
A browser helper object (BHO) is a DLL component of Internet Explorer (IE) that provides added functionality to the browser.
Brute force attack
A brute force attack is a method wherein an application attempts to decode encrypted data, such as a password, by trial and error. A dictionary attack, for example, is one type of brute force attack.
See also password cracking application
In computing, a buffer refers to data temporarily stored and shared between applications to compensate for the difference in the speed at which they can handle that data. Consider, for example, your browser buffering (part of) a movie while downloading it and, at the same time, your movie player playing it.
A buffer overflow is a computer anomaly wherein a program writes more data to a block of memory (or buffer) than the buffer was allocated to hold.
Synonym: Buffer overrun
A bug bounty is a rewards program through which individuals can receive monetary compensation and/or recognition for finding flaws or vulnerabilities in a company’s software or system.
A bundler is an assemblage of two or more software packages offered in one combined package. It usually contains (1) the main program a user is after and (2) bundleware. Many bundlers are found on freeware download sites. In some cases, this “free” software is actually a trial version of a program one commonly pays for.
Bundleware is a term used to collectively describe one or more pieces of software that come bundled as extras. This isn’t necessarily malicious.
Dodgy bundleware comes in a few types:
- Programs that are considered adware and PUPs. These may or may not offer users the option to opt out of the extra programs.
- Programs that are useful but that nobody wants to pay for, so the developer enters a monetization program that incorporates adware into their program.
- PUPs that offer to install other PUPs from the same manufacturer during the installation.
- Programs that also install software packages they need to run on the affected system.
Malwarebytes detects these types.
In computing, to burn is to write data to a drive with a recordable disc (i.e. burn a CD or DVD). The data is written onto the disc using a laser and, until the invention of rewritable discs (RW), this was considered a one-time-only process.
Business continuity management (BCM)
Business continuity management is a term used to describe the holistic process of identifying an organization’s risk of exposure to potential threats found internally and/or externally and the impacts these may cause. Its goal is to prepare the organization to effectively respond to threats, protect the business’s interests, and ensure the continuity of the company in the event of such threats.
Business email compromise (BEC)
A business email compromise (BEC) is an attack wherein an employee, who is usually the CFO or someone from the Finance department, is socially engineered into wiring a large sum of money to a third-party account.
Business process compromise (BPC)
A business process compromise (BPC) is an attack wherein the threat actor targets weaknesses in an organization’s processes, systems, and loopholes in its operations to manipulate or alter them to their advantage. Unlike in business email compromise (BEC), BPC doesn’t rely on social engineering tactics.
In computing, a cache is a temporary storage that is used to speed up future requests. For example, a browser cache stores contents of websites so they can be displayed faster the next time the user visits them. For information about DNS cache poisoning, have a look at the blog post, DNS hijacks: what to look for.
Children’s Online Privacy Protection Act (COPPA)
The Children’s Online Privacy Protection Act, or COPPA, is a privacy law that protects children under the age of 13. It was first passed in 1998. The Federal Trade Commission (FTC) manages COPPA. To read more, go here.
Click fraud is the practice of artificially inflating statistics of online advertisements by using automated clicking programs or hitbots.
Synonym: Pay-per-click fraud
See also ad fraud
Clickbait is content (especially a headline) that uses exaggeration and sensationalism to entice you into clicking on a link to a particular web page. Clickbait often leads to content of questionable value.
Clickjacking is a type of attack that tricks a user into clicking a website element that is either invisible or disguised as another element. This hijacks a user’s click meant for one thing but leads to another. For example: instead of clicking a button to reply, a clickjacking attack on a Twitter user can make them re-tweet a malicious domain to followers instead.
This is typically seen as a browser security issue. However, such an attack can also take place in mobile applications.
Clickjacking has different types, such as likejacking.
Synonyms: User interface (UI) redress attack, UI redressing
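As an added example (not part of the glossary), the check below evaluates a page's response headers to decide whether browsers will let another site embed it in a frame, which is the precondition for the clickjacking attack described above. It understands the `X-Frame-Options` header and the `frame-ancestors` directive of `Content-Security-Policy`, and applies the rule that `frame-ancestors`, when present, takes precedence. The sample header sets are constructed for the example.

```python
# Added example (not glossary code): does this response let third-party
# sites frame the page? Header dictionaries below are constructed samples.
from typing import Dict, List, Optional

def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None

def framing_allowed_by_others(headers: Dict[str, str]) -> bool:
    """True when nothing in the headers stops other origins from framing the page."""
    lower = {k.lower(): v for k, v in headers.items()}

    # frame-ancestors overrides X-Frame-Options when both are present.
    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            # An empty list or only 'none'/'self' keeps foreign origins out;
            # anything else (a host, a scheme, '*') lets some other site frame it.
            return not set(sources) <= {"none", "self"}

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return False
    return True  # no effective framing restriction at all

def audit(samples: Dict[str, Dict[str, str]]) -> Dict[str, bool]:
    """Run the check over named header sets; True means 'frameable by others'."""
    return {name: framing_allowed_by_others(h) for name, h in samples.items()}

# Constructed sample responses: a weak one beside hardened ones.
SAMPLES = {
    "no_protection": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "xfo_sameorigin": {"x-frame-options": "sameorigin"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    # frame-ancestors wins over the conflicting X-Frame-Options here
    "csp_overrides_xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
    "csp_partner": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
}

if __name__ == "__main__":
    for name, frameable in audit(SAMPLES).items():
        print(f"{name:20s} frameable by other sites: {frameable}")
```

The `csp_partner` case is reported as frameable because the page deliberately allows one other origin; that is a policy decision rather than a misconfiguration, so a real audit would list the permitted origins instead of simply flagging it.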
Cloud computing refers to the delivery of services that are hosted over the internet to computers and other computing devices. For more information, see this blog post on the cloud.
See also Anything-as-a-Service (XaaS)
Cloud phishing refers to a phishing trend that uses the guise of cloud computing services to get users to click malicious links. Campaigns of this kind usually start off in emails and social media posts.
In computing, a cold boot happens when a system is powered up from its off state. Cold booting is sometimes used to remedy certain system hiccups.
Other forms: Cold booting
Command & control (C&C)
Command & control, also called C&C or C2, is a centralized server or computer that online criminals use to issue commands to control malware and bots as well as to receive reports from them.
A companion virus is an old type of virus that poses as a legitimate file by copying its file name but uses a different extension. It doesn’t modify files.
Compromised sites (or servers) are otherwise legitimate sites that are being used by hackers without the owner’s knowledge. Compromised sites are often used to house and spread malware.
Computer ethics is a philosophy concerned with how professionals in the field of computing should make decisions. Examples would be rules for disclosing compromised information and vulnerabilities, copying of electronic content, and the impact of computers—AI, for example—on human lives.
Computer science (CS)
Computer science, abbreviated as CS, is a multi-disciplinary collection of studies in the fields that are related to digital information. Computer systems, the internet, programming, and data storage are some of the best-known fields.
Computer-Aided Design (CAD)
Computer-Aided Design, or CAD, is the use of computer technology to help with the design of two- or three-dimensional objects. This specialized type of software helps to design, modify, analyze, optimize, and even create objects in many fields, including architecture, mechanics, engineering, and art.
Consumer fraud protection
Consumer fraud protection is a law designed to shield consumers against goods and services that didn’t perform as advertised. Consumers are also protected against unfair trade (overcharging) and fraudulent credit practices.
In the context of computing, a cookie is a text file that a website puts into a visitor’s computer to recognize them and keep track of their preference. A cookie can be stored temporarily (session cookie) or permanently on the hard disk (persistent cookie). For more information, see this blog post on whether we should worry about cookies or not.
A crack is either used as a:
- noun: A piece of software used to figure out passwords using a dictionary attack. It can also be a piece of software or tool used to illegally bypass certain software security features, such as copy protection.
- verb: The act of breaking into a secured computer system. The person doing the crack is called a cracker. Some argue that there are distinctions between a cracker and a hacker.
Credential stuffing is a popular tactic of attempting to access online accounts using username-password combinations acquired from breached data. This is usually done using an automated tool.
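The glossary's brute force and dictionary attack entries and this credential stuffing entry describe two abuse patterns that leave different traces in authentication logs: many failures against one account, versus one source cycling through many different accounts. As an added example (not the glossary's or any product's code), the detector below runs both checks over constructed log lines; the line format, the five-minute window and the thresholds are assumptions for the example.

```python
# Added example (not glossary code): flag brute-force and credential-stuffing
# patterns in constructed authentication log lines.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log: <ISO timestamp> <FAIL|OK> user=<name> src=<ip>
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:02 FAIL user=bob src=203.0.113.5
2024-05-01T10:00:03 FAIL user=carol src=203.0.113.5
2024-05-01T10:00:04 FAIL user=dave src=203.0.113.5
2024-05-01T10:00:10 FAIL user=admin src=198.51.100.7
2024-05-01T10:00:12 FAIL user=admin src=198.51.100.7
2024-05-01T10:00:14 FAIL user=admin src=198.51.100.7
2024-05-01T10:00:16 FAIL user=admin src=198.51.100.7
2024-05-01T10:00:18 FAIL user=admin src=198.51.100.7
2024-05-01T10:00:30 FAIL user=frank src=192.0.2.10
2024-05-01T10:00:45 OK user=frank src=192.0.2.10
2024-05-01T10:01:00 OK user=eve src=192.0.2.11
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse(log: str):
    """Turn log text into (timestamp, result, user, src) tuples, skipping bad lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a detector should not crash on one malformed line
        ts, result, user, src = m.groups()
        events.append((datetime.fromisoformat(ts), result, user, src))
    return events

def detect(log: str, window=timedelta(minutes=5),
           max_fail_per_user=5, max_users_per_src=3):
    """Return accounts under brute force and sources doing credential stuffing."""
    events = sorted(parse(log))
    brute_force, stuffing = set(), set()
    per_user = defaultdict(list)   # user -> failure timestamps inside the window
    per_src = defaultdict(list)    # src  -> (timestamp, user) failures inside the window
    for ts, result, user, src in events:
        if result != "FAIL":
            continue
        # Brute force / dictionary attack: repeated failures against one account.
        per_user[user] = [t for t in per_user[user] if ts - t <= window] + [ts]
        if len(per_user[user]) >= max_fail_per_user:
            brute_force.add(user)
        # Credential stuffing: one source failing against many distinct accounts.
        per_src[src] = [(t, u) for t, u in per_src[src] if ts - t <= window] + [(ts, user)]
        if len({u for _, u in per_src[src]}) >= max_users_per_src:
            stuffing.add(src)
    return {"brute_force_users": brute_force,
            "credential_stuffing_sources": stuffing}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The single failure from `frank` followed by a success is the normal case and is not flagged, and the five `admin` failures come from one source trying one account, so that source is not reported as stuffing. In practice the thresholds would be tuned to the service's real failure rates and the windows kept per key as shown, since a global count would miss a slow, spread-out campaign.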
Crimeware is sophisticated software designed specifically for certain criminal acts, such as data theft, ransom, network poisoning, and communications monitoring.
Cross-site scripting (XSS)
Cross-site scripting is a type of injection attack wherein a vulnerability in web applications is exploited that allows a threat actor to inject malicious script into the site’s content. Affected trusted sites are made to deliver the malicious script to visitors.
In malware research, a crypter is a program that makes malware hard to read by researchers. The crudest technique used by crypters is usually called obfuscation. A more elaborate blog post on that is Obfuscation: Malware’s best friend.
Cryptocurrency is a decentralized digital currency. It is the preferred payment method of ransomware authors, and it can be generated by mining scripts embedded on websites.
Cryptocurrency mining, popularly known as cryptomining, is the process of adding new transactions to a public ledger of previous transactions (called the blockchain) and introducing new cryptocurrencies into the system. For more information, see this blog post on the dangers of drive-by mining and online ads.
Cryptography is the knowledge of sending and storing encrypted data. For more information, see this blog post on how to encrypt files and folder.
Cryptojacking is the surreptitious use of computing devices to mine cryptocurrency.
A Common Vulnerabilities and Exposure (CVE) identifier is a unique number assigned to publicly known software vulnerabilities. It follows the format:
Vendors and researchers alike consider CVE identifiers as standard for identifying vulnerabilities. For example, CVE-2014-0160 is the CVE ID for the vulnerability commonly known as Heartbleed.
Synonyms: CVE names, CVE IDs, CVE numbers, CVEs, vulnerability identifier
Cyber Monday is the marketing term given to the Monday after the Thanksgiving holidays in the United States. For more information, see this blog post on safe online shopping on Cyber Monday.
Cyberbullying is the act of threatening and intimidating others via electronic and digital means.
Cybercrime is the term referring to crimes that are related to computers and networks, including traditional crimes like fraud, blackmail, and identity theft that are done over the Internet or by using computing devices.
A data breach happens when data deemed sensitive, protected, or confidential is illegally accessed or disclosed. Individuals may have viewed, copied, transmitted, stolen, or used such data accidentally or deliberately. For an in-depth look at data breaches, see this page.
Data exfiltration is an act of retrieving, copying, and transferring data, such as user credentials, about individuals or organizations without authorization.
Data mining is the process of sifting through large data sets to identify patterns or generate new information.
A decryptor is a tool used to transform unreadable data back to its original, unencrypted form. This is typically used by those affected by ransomware to restore their files.
In computer security, a definition is code written into a database that enables cybersecurity software programs to identify and detect specific, known families of malware. Definitions are used in signature-based detection methodology and therefore cannot be used to detect new or unknown forms of malware.
Defragmentation is the process of reorganizing a file system so that files that were split up when saved and changed are put back together again. This removes pointers to and from the fragments and optimizes the speed with which these files can be used.
Other forms: Defrag, defragment
Destruction of service (DeOS)
Destruction of service is an attack using IoT botnets that aims to destroy an organization’s backups and safety nets, which are used to recover critical systems and data after a cyber attack.
A dialer can mean (1) a program or app that initiates the best connection for the number chosen by the user, (2) a program that connects a system to the internet over a telephone or ISDN line, or (3) malware that connects a system to a network or phone number with the intent to defraud.
Other forms: Dialler
A dictionary attack is an act of penetrating password-protected computer systems or servers using large sets of words in a dictionary. This attack usually works as many users still use ordinary words for their passwords.
See also brute force attack
A digital footprint is the term used to describe the recorded—thus, traceable—internet or device activities of a particular person.
Synonym: digital shadow
Distributed Denial of Service (DDoS)
A distributed denial of service (DDoS) attack is a network attack wherein threat actors force numerous systems (usually infected with malware) to send requests to a specific web server to crash, distract, or disrupt it enough that users are unable to connect to it.
For an in-depth look at DDoS attacks, see this page.
In computer security, a domain can refer to:
- A group of computers that are under the control of a common operator and administered as one unit, or
- The name of a Web resource following the rules of the Domain Name System (DNS), which translates the domain name into an IP address
Domain administrator privileges
Domain administrator privileges refer to administrator access to all machines within a network.
Domain Name System (DNS)
A Domain Name System, abbreviated as DNS, is an Internet protocol that translates user-friendly, readable URLs, such as malwarebytes.com, to their numeric IP addresses, allowing the computer to identify a web server without the user having to remember and input the actual IP address of the server.
Name Servers, or Domain Name Servers, host these translations. They are part of the overall Domain Name System.
To learn how threat actors can abuse DNS protocols, read up on DNS hijackers, a type of malware that modifies users’ DNS settings.
Domain Name System Security Extensions (DNSSEC)
Domain Name System Security Extensions, abbreviated as DNSSEC, is a set of extensions that add extra security to the DNS protocol. For more information, see this blog post on why we need DNSSEC.
A downloader, or Trojan downloader, is malware with the sole intention of downloading other programs—usually more malware—to the affected system as soon as an Internet connection is available.
Dox is an informal abbreviation of the word “documents”. The term is used to describe the act of researching and disseminating private information about a person or organization. Many doxxers—those who dox—employ a number of techniques to gather information, such as searching the internet, hacking, and social engineering.
Other form(s): doxing, doxxing
A drive-by download pertains to (1) the unintended download of one or more files, malicious or not, onto the user’s system without their consent or knowledge, or (2) the download and installation of files bundled with a program that users didn’t sign up for.
A dropper, or Trojan downloader, is a type of malware that installs other malware on the affected system. The other malware is part of the same executable, which is usually in compressed form.
Dwell time refers to the amount of time passed from when malware has initially infiltrated a system to when it has been detected and removed.
Electronic sports (eSports)
Electronic sports, or eSports, are basically video game competitions. Any computer or console game that has a multi-player competition qualifies as an eSport.
Encryption is the process of changing data in a way that cannot (easily) be undone (or decrypted) by parties that don’t have the decryption key. For more information, see this blog post on encryption and types of secure communication and storage.
The end-user is the person for whom a specific product is designed, developed, and created. The product should be suitable for this intended user (easy to use), and it should be a finished product.
EternalBlue is one of the handful of “exploitation tools” leaked by a group called The Shadow Brokers (TSB) that take advantage of weaknesses in how Windows implemented the Server Message Block (SMB) protocol. The WannaCry and NotPetya ransomware strains used this exploit to target unpatched systems.
For more information, see this blog post on how threat actors are using SMB vulnerabilities in their attack campaigns.
Ethernet is a networking technology commonly used in various networks, such as LAN, MAN, and WAN. It is so commonplace that most PC motherboards have a built-in Ethernet interface.
Executable and Link format (ELF)
An ELF file is an executable file format for the Linux and Unix platforms. Its known file extensions are .axf, .bin, .elf, .o, .prx, .puff, .ko, .mod, and .so.
Exploits are a type of malware that take advantage of bugs and vulnerabilities in a system in order to allow the exploit’s creator to take control.
For an in-depth look at exploits, see this page.
An exploit kit is a packaged collection of exploits for use by criminal gangs in spreading malware.
Synonym: Exploit pack
Extended Validation SSL Certificate (EV SSL)
An Extended Validation SSL Certificate is an identity authentication solution used in HTTPS websites that tells users that the owner or operator of the site they’re interacting with is legitimate. A green bar displayed in the address bar denotes the presence of an EV SSL.
In computer security, a family refers to a group of malware variants that all exhibit at least one base characteristic.
Fear, uncertainty, and doubt (FUD)
Fear, uncertainty, and doubt is a disinformation strategy that is used as a weapon against competitors.
In hacking, FUD could also mean “fully undetected,” which refers to (1) data that has been made to look like random noise through encryption, or (2) a piece of software that cannot be detected by AV tools and scanners.
A file type is a name given to a specific kind of file. For example, a Microsoft Excel sheet file and a Python script file are two different file types. A file type is not the same as a file format.
A file-based attack is an attack where threat actors use certain file types, usually those bearing document file extensions like .DOCX and .PDF, to entice users to open them. The file in question is embedded with malicious code; thus, once opened, this code is also executed.