Malware Trends: January - March 2025

Malware activity reports for the quarter are now posted at the Cybercrime Information Center. Our key statistics show small quarter-over-quarter increases in malicious IP address malware records (Traffic Injectors and Attackware) and unique IPv4 addresses reported as serving or distributing malware, and but meaningful decreases in both endpoint and IoT malware reported.

https://interisle.substack.com/p/malware-trends-january-march-2025?r=59cehk

#malware #iot #attackware #trafficinjectors #maliciousscripts

Our 4Q2024 Malware Activity reports are available at https://cybercrimeinfocenter.org/malware-activity-numbers-october-december-2024

For the TL;DR

- Malware targeting endpoint devices decreased > 50% over the July - September 2024 reporting period

- Malicious documents found on Wordpress sites continue to rise

- Mirai on the rise, Mozi in decline

- China and India again have the most IPv4 addresses reported for hosting malware

- We processed more than 1M Traffic Injectors and Attackware reports

#iot #malware #attackware #wordpress #mirai #mozi

For a bit more than TL;DR read our Malware Trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-october-2024-december-2024

Our Malware study for the calendar year 2022 is out!

Headline: Interisle reports that malware hosting activity in 2022 was most intense in China, India and United States

Information stealing and ransomware continue to rise, as does misuse of cloud and file sharing services for malware distribution. Also...

• Endpoint malware activity increased 50% over 2021. The Quackbot banking trojan was the most reported endpoint malware.

• IoT malware activity decreased in 2022. Mozi IoT malware reporting sharply declined in early 2022 but showed signs of renewed activity in 4Q 2022.

• 60% of reports identified malware that attacks or probes legitimate web sites. Nearly two-thirds of the reported probes were vulnerability scanners. PHP forum spammers accounted for one-third of attackware reported.

• The use of domain names in malware URLs grew sharply. Interisle found a 121% increase in the use of domain names in 4Q 2022.

• Attackers continued to exploit file sharing services and code repositories to distribute malware.

https://www.einpresswire.com/article/621395330/interisle-reports-that-malware-hosting-activity-in-2022-was-most-intense-in-china-india-and-united-states?r=paDW4MBm7CwDE0LM0l

#malware #cybercrime #quackbot #gafgyt #emotet #attackware