An infection chain is the step-by-step sequence attackers use to get malware onto a device and make it run. It usually starts with a lure, such as a fake download, malicious link, or trusted-looking installer, then moves through delivery, execution, and often persistence or command-and-control. Each step depends on the one before it, so the chain shows how a victim is moved from initial contact to compromise.
This matters in cyber security because defenders can break the attack at multiple points, not just after malware is active. For example, web filtering can block the lure, application controls can stop unsafe installers, sandboxing can expose malicious behavior, and endpoint detection can catch execution or privilege escalation. In real attacks, infection chains often abuse normal user habits, such as downloading software, opening attachments, or following video or forum links. Understanding the chain helps teams ask: where did trust fail, and where can we interrupt it?