Between 2018 and 2024, the share of global malware attacks that occurred via e-mail increased from 33 to 68 percent. The percentage of web attacks has decreased, going from 67 percent in 2018 to 32 percent in 2024.

In 2023, the worldwide number of malware attacks reached 6.06 billion, an increase of 10 percent compared to the preceding year. In recent years, the highest number of malware attacks was detected in 2018, when 10.5 billion such attacks were reported across the globe. Malware attacks worldwide In 2022, worm malware was blocked over 205 million times. Another common malware type during that period, Emotet, primarily targeted the Asia-Pacific region. Overall, websites are the most common vector for malware attacks and recent industry data found that malware attacks were frequently received via exe files. Most targeted industries In 2022, the education sector was heavily targeted by malware, encountering 2,314 weekly attacks on average. Government and military organizations ranked second, followed by the healthcare units. Overall, in 2022, the education sector saw over five million malware attacks in the examined year.

A 2025 survey of cybersecurity professionals of organizations worldwide revealed that 32 percent of the organizations suffered ransomware attacks due to exploited vulnerabilities. Compromised credentials were the second-most common cause of successful ransomware attacks, while malicious e-mail ranked third.

As of 2025, nearly 63 percent of businesses worldwide were affected by ransomware attacks. This figure represents a decrease on the previous year and was by far the lowest figure reported since 2020. Overall, since 2018, more than half of the total survey respondents each year stated that their organizations had been victimized by ransomware. Most targeted industries In 2024, the critical manufacturing industry in the United States was once again most targeted by ransomware attacks. Overall, organizations in this industry experienced 258 cyberattacks in the measured year. Healthcare and the public health sector ranked second, followed by government facilities, with 238 and 220 cyberattacks, respectively. Ransomware in the manufacturing industry The manufacturing industry, along with its subindustries, is constantly targeted by ransomware attacks, causing data loss, business disruptions, and reputational damage. Often, such cyberattacks are international and have a political intent. In 2024, exploited vulnerabilities were the leading cause of ransomware attacks in the manufacturing industry.

In January 2025, a small fintech startup in Austin discovered it had fallen victim to a cyberattack. At first glance, the breach looked like a typical case of credential stuffing. But it wasn’t. The attacker had used an AI-driven system that mimicked the behavioral patterns of employees, learning login habits,...

Allaple worm is a malware family still infecting multiple systems on the Internet. The statistics collected from our honeypot are available.

Description

The datasets demonstrate the malware economy and the value chain published in our paper, Malware Finances and Operations: a Data-Driven Study of the Value Chain for Infections and Compromised Access, at the 12th International Workshop on Cyber Crime (IWCC 2023), part of the ARES Conference, published by the International Conference Proceedings Series of the ACM ICPS.

Using the well-documented scripts, it is straightforward to reproduce our findings. It takes an estimated 1 hour of human time and 3 hours of computing time to duplicate our key findings from MalwareInfectionSet; around one hour with VictimAccessSet; and minutes to replicate the price calculations using AccountAccessSet. See the included README.md files and Python scripts.

We choose to represent each victim by a single JavaScript Object Notation (JSON) data file. Data sources provide sets of victim JSON data files from which we've extracted the essential information and omitted Personally Identifiable Information (PII). We collected, curated, and modelled three datasets, which we publish under the Creative Commons Attribution 4.0 International License.

1. MalwareInfectionSet We discover (and, to the best of our knowledge, document scientifically for the first time) that malware networks appear to dump their data collections online. We collected these infostealer malware logs available for free. We utilise 245 malware log dumps from 2019 and 2020 originating from 14 malware networks. The dataset contains 1.8 million victim files, with a dataset size of 15 GB.

2. VictimAccessSet We demonstrate how Infostealer malware networks sell access to infected victims. Genesis Market focuses on user-friendliness and continuous supply of compromised data. Marketplace listings include everything necessary to gain access to the victim's online accounts, including passwords and usernames, but also detailed collection of information which provides a clone of the victim's browser session. Indeed, Genesis Market simplifies the import of compromised victim authentication data into a web browser session. We measure the prices on Genesis Market and how compromised device prices are determined. We crawled the website between April 2019 and May 2022, collecting the web pages offering the resources for sale. The dataset contains 0.5 million victim files, with a dataset size of 3.5 GB.

3. AccountAccessSet The Database marketplace operates inside the anonymous Tor network. Vendors offer their goods for sale, and customers can purchase them with Bitcoins. The marketplace sells online accounts, such as PayPal and Spotify, as well as private datasets, such as driver's licence photographs and tax forms. We then collect data from Database Market, where vendors sell online credentials, and investigate similarly. To build our dataset, we crawled the website between November 2021 and June 2022, collecting the web pages offering the credentials for sale. The dataset contains 33,896 victim files, with a dataset size of 400 MB.

Credits Authors

Billy Bob Brumley (Tampere University, Tampere, Finland)

Juha Nurmi (Tampere University, Tampere, Finland)

Mikko Niemelä (Cyber Intelligence House, Singapore)

Funding

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under project numbers 804476 (SCARE) and 952622 (SPIRS).

Alternative links to download: AccountAccessSet, MalwareInfectionSet, and VictimAccessSet.

This dataset contains synthetic logs designed to simulate the activity of the Pegasus malware, providing a rich resource for cybersecurity research, anomaly detection, and machine learning applications. The dataset includes 1000 entries with 17 columns, each capturing detailed information about device usage, network traffic, and potential security events

Columns: user_id: Unique identifier for each user device_type: Type of device used (e.g., iPhone, Android) os_version: Operating system version of the device app_usage_pattern: Usage pattern of the applications (Low, Normal, High) timestamp: Timestamp of the recorded activity source_ip: Source IP address of the network traffic destination_ip: Destination IP address of the network traffic protocol: Network protocol used (e.g., HTTPS, FTP, SSH) data_volume: Volume of data transferred in the session log_type: Type of log entry (system, application, security) event: Specific event type (e.g., App Install, System Update, Logout, App Crash) event_description: Description of the event error_code: Error code associated with the event file_accessed: File path accessed during the event process: Process name involved in the event anomaly_detected: Description of any detected anomalies (e.g., Unknown Process Execution, Suspicious File Access) ioc: Indicators of Compromise (e.g., Pegasus Signature, Known Malicious IP)

This dataset is ideal for those looking to develop and test cybersecurity solutions, understand malware behavior, or create educational tools for cybersecurity training. The data captures various scenarios of potential malware activities, making it a versatile resource for a range of cybersecurity applications.

Description:

The Android Malware Detection Dataset is derived from the NATICUSdroid (Android Permissions) Dataset, a comprehensive collection of Android application data focused on permissions requested by these applications. This dataset aims to facilitate research in the domain of mobile security and privacy by providing detailed information about the permissions sought by various Android applications.

Dataset Details:

Permission Categories: The dataset includes permissions spanning various categories, such as camera access, location services, storage access, network connectivity, etc.

Acknowledgment:

The NATICUSdroid (Android Permissions) Dataset is made available to the research community to encourage advancements in mobile security and privacy research. We appreciate the efforts of developers and organizations contributing to the Android ecosystem, which makes this dataset possible. Researchers are encouraged to provide appropriate attribution when using or referencing this dataset.

Introduction

Notable Ransomware Statistics: Even in the year 2024, ransomware is ranked among the most disruptive and expensive types of cybercrime. This is software that keeps people from accessing their gadgets until they pay an amount, and it keeps getting better with time, while looking for people to pay or companies.

Data as of 2024 indicated that there was an upward trend in the prevalence and economic losses caused by ransomware attacks throughout the world. Emerged are some notable ransomware statistics to consider in the year 2024.

As of the second quarter of 2025, Trojan-Banker was the most commonly detected mobile malware worldwide, accounting for nearly 30 percent of all mobile malware detected worldwide. Meanwhile, RiskTool ranked second with approximately 18 percent share.

In 2022, organizations in the United States saw around 2.68 billion malware attacks, ranking first among selected countries worldwide. The United Kingdom (UK) ranked second, detecting nearly 433 million malware attacks, followed by India, with 335 million attacks.

In March 2025, a small logistics company in Ohio lost access to every operational file it had overnight. Trucks sat idle, routes scrambled, and customer data vanished into encryption. The attackers demanded payment in Bitcoin, $210,000, to unlock the systems. The company paid. What happened next? The decryptor didn’t work....

Malware Analysis Tools Market Outlook

The global malware analysis tools market size is projected to witness a significant growth trajectory in the coming years, expanding from USD 4.5 billion in 2023 to an anticipated USD 10.2 billion by 2032, exhibiting a compound annual growth rate (CAGR) of approximately 9.5% during the forecast period. This robust growth can be attributed to a variety of factors, including the increasing sophistication of cyber threats, heightened awareness regarding cybersecurity, and the escalating need for comprehensive security solutions across different sectors. As cyber-attacks grow in complexity and frequency, organizations are increasingly turning to advanced malware analysis tools to safeguard their digital assets and maintain operational integrity.

One of the primary drivers of market growth is the proliferation of advanced persistent threats (APTs) and zero-day vulnerabilities that challenge traditional cybersecurity measures. Organizations are recognizing that these sophisticated threats necessitate more than just conventional firewalls and antivirus software, propelling the demand for advanced malware analysis tools that offer deeper insights into malicious software behavior. The increasing digitization of businesses and the integration of IoT devices have also expanded the attack surface, necessitating more robust security solutions. This evolution underscores the critical role of malware analysis tools in identifying, analyzing, and mitigating potential threats before they can inflict damage.

Moreover, regulatory requirements worldwide are becoming more stringent, compelling businesses to adopt comprehensive cybersecurity measures. Laws such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States mandate robust data protection protocols and impose hefty penalties for data breaches. These regulations drive organizations to invest in sophisticated malware analysis tools to ensure compliance and protect sensitive data. Additionally, the increasing adoption of cloud computing and remote work models has further heightened the need for resilient cybersecurity frameworks, as the risk of malware infiltration becomes more pronounced in decentralized networks.

The surge in cybercrime has also led to a growing awareness of cybersecurity risks among businesses and consumers alike. High-profile data breaches and ransomware attacks have highlighted the vulnerabilities within IT infrastructure, prompting companies to prioritize investment in cybersecurity solutions. The growing emphasis on safeguarding intellectual property, financial data, and personal information is driving demand for malware analysis tools that can detect, analyze, and neutralize potential threats. This heightened focus on cybersecurity is particularly pronounced in industries such as BFSI, healthcare, and government, where data breaches can have severe consequences.

Regionally, North America is expected to maintain its dominance in the malware analysis tools market, driven by the presence of major cybersecurity companies, early adoption of advanced technologies, and a high concentration of tech-savvy industries. The Asia Pacific region, however, is anticipated to witness the highest growth rate during the forecast period, owing to the rapid digital transformation, increasing internet penetration, and rising incidences of cyber threats in countries like China and India. Europe and Latin America are also expected to experience significant growth, supported by increasing government initiatives to strengthen cybersecurity frameworks and the growing adoption of cloud technologies.

Tool Type Analysis

In the malware analysis tools market, tool types are broadly categorized into static analysis tools, dynamic analysis tools, and hybrid analysis tools. Each type offers unique capabilities and advantages, catering to different organizational needs and security strategies. Static analysis tools, also known as code analyzers, play a crucial role in examining the code without executing it, enabling the detection of potentially malicious activities before the malware is deployed. These tools are invaluable for organizations that need to verify the security of software before its deployment, particularly in the software development lifecycle. By providing a comprehensive report of vulnerabilities and risks, static analysis tools facilitate proactive threat mitigation strategies.

Dynamic analysis tools, on the other hand, offer a more in-depth approach by analyzing malware behavior during execution. These tools simulat

Malware Analysis Market Outlook

In 2023, the global malware analysis market size was estimated at approximately USD 5 billion, with a projected CAGR of 16% forecasted to propel the market to around USD 13.88 billion by 2032. The rapid growth of the malware analysis market is driven by the increasing frequency and sophistication of cyber threats and the consequent demand for advanced cybersecurity solutions. Organizations across various sectors are investing heavily in malware analysis tools to protect sensitive data and maintain operational continuity. Cloud computing advancements, the proliferation of Internet of Things (IoT) devices, and the growing trend of bring-your-own-device (BYOD) are also significant drivers, as they expand the attack surface, necessitating more robust malware defenses.

One of the primary growth factors for the malware analysis market is the continuous evolution and complexity of malware threats. Cyber criminals are employing increasingly sophisticated techniques to bypass traditional security measures, thus driving the need for advanced malware analysis solutions that can provide comprehensive threat detection and mitigation. Moreover, the rise of state-sponsored attacks and cyber warfare has heightened the urgency for organizations to adopt proactive defenses. As a result, many companies are transitioning from reactive to proactive cybersecurity strategies, which include investing in real-time malware analysis tools that can quickly analyze and respond to potential threats, thereby minimizing the risk of data breaches and ensuring business continuity.

The rise of cloud computing and the widespread adoption of cloud-based services have also significantly contributed to the growth of the malware analysis market. Organizations are increasingly leveraging cloud environments for their scalability, cost efficiency, and flexibility. However, this shift has also expanded the cyber attack surface, making cloud security a critical concern. Malware analysis solutions are integral to securing cloud infrastructure, as they enable businesses to monitor, detect, and respond to threats in real-time. The integration of machine learning and artificial intelligence into malware analysis tools further enhances their capability to predict and identify new malware variants, making them indispensable in the modern cybersecurity landscape.

Another important growth factor is the growing regulatory pressure on organizations to maintain robust cybersecurity measures. Governments worldwide are instituting stringent regulations and standards to ensure data privacy and security, compelling businesses to invest in advanced cybersecurity solutions, including malware analysis. Compliance with regulations such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS) necessitates the implementation of thorough malware detection and response strategies. Consequently, the demand for sophisticated malware analysis tools is on the rise, as organizations strive to meet these regulatory requirements and avoid penalties.

Regionally, North America is poised to be a significant player in the malware analysis market, driven by the presence of major technology firms and a high adoption rate of advanced cybersecurity solutions. The region's focus on digital transformation and the increasing incidence of cyber attacks across various sectors bolster the demand for malware analysis. Similarly, Europe is witnessing considerable growth, supported by stringent data protection laws and growing awareness of cybersecurity threats. The Asia Pacific region is expected to experience the highest growth rate due to rapid technological advancements, a booming IT sector, and increasing investments in cybersecurity infrastructure. Government initiatives to bolster cybersecurity and the rising number of cyber threats in emerging economies also contribute to the regional market's expansion.

Component Analysis

The malware analysis market can be segmented by component into software and services. The software segment is expected to hold the largest market share owing to the constant need for sophisticated tools that can effectively identify, analyze, and mitigate malware threats. These software solutions offer comprehensive features such as real-time analysis, automated threat detection, and advanced reporting capabilities. Organizations are increasingly seeking out software solutions that integrate seamlessly into existing systems, providing a holistic approach to cybersecurity. As cyber threats become more sophisticated, t

This study seeks to obtain data which will help to address machine learning based malware research gaps. The specific objective of this study is to build a benchmark dataset for Windows operating system API calls of various malware. This is the first study to undertake metamorphic malware to build sequential API calls. It is hoped that this research will contribute to a deeper understanding of how metamorphic malware change their behavior (i.e. API calls) by adding meaningless opcodes with their own dissembler/assembler parts.

Dataset consisting of feature vectors of 215 attributes extracted from 15,036 applications (5,560 malware apps from Drebin project and 9,476 benign apps). The dataset has been used to develop and evaluate multilevel classifier fusion approach for Android malware detection, published in the IEEE Transactions on Cybernetics paper 'DroidFusion: A Novel Multilevel Classifier Fusion Approach for Android Malware Detection'. The supporting file contains further description of the feature vectors/attributes obtained via static code analysis of the Android apps.

The dataset includes limited samples which include sample identifier, signature identifier, mark count, and signature severity score, along with the impact score computed using our scoring method.

With the rapid development of the Internet, the continuous increase of malware and its variants have brought greatly challenges for cyber security. Due to the imbalance of the data distribution, the research on malware detection focuses on the accuracy of the whole data sample, while ignoring the detection rate of the minority categories’ malware. In the dataset sample, the normal data samples account for the majority, while the attacks’ malware accounts for the minority. However, the minority categories’ attacks will bring great losses to countries, enterprises, or individuals. For solving the problem, this study proposed the GNGS algorithm to construct a new balance dataset for the model algorithm to pay more attention to the feature learning of the minority attacks’ malware to improve the detection rate of attacks’ malware. The traditional malware detection method is highly dependent on professional knowledge and static analysis, so we used the Self-Attention with Gate mechanism (SAG) based on the Transformer to carry out feature extraction between the local and global features and filter irrelevant noise information, then extracted the long-distance dependency temporal sequence features by the BiGRU network, and obtained the classification results through the SoftMax classifier. In the study, we used the Alibaba Cloud dataset for malware multi-classification. Compared the GSB deep learning network model with other current studies, the experimental results showed that the Gaussian noise generation strategy (GNGS) could solve the unbalanced distribution of minority categories’ malware and the SAG-BiGRU algorithm obtained the accuracy rate of 88.7% on the eight-classification, which has better performance than other existing algorithms, and the GSB model also has a good effect on the NSL-KDD dataset, which showed the GSB model is effective for other network intrusion detection.

Malware Analysis Market Outlook

According to our latest research, the global malware analysis market size reached USD 5.1 billion in 2024, reflecting robust demand for advanced cybersecurity solutions. The market is projected to grow at a CAGR of 18.6% from 2025 to 2033, culminating in a forecasted value of USD 26.2 billion by 2033. This remarkable growth trajectory is primarily fueled by the escalating sophistication of cyber threats and the increasing necessity for proactive threat detection and response across diverse industries worldwide.

One of the key growth factors propelling the malware analysis market is the exponential rise in the frequency and complexity of cyberattacks targeting both public and private sector organizations. The proliferation of ransomware, spyware, and advanced persistent threats (APTs) has compelled enterprises to invest in state-of-the-art malware analysis tools and services. As attackers employ more evasive and polymorphic techniques, traditional security measures are often insufficient, driving demand for dynamic and static malware analysis solutions capable of dissecting and neutralizing sophisticated malicious code. Moreover, the increasing digital transformation initiatives and adoption of cloud computing across sectors have broadened the attack surface, necessitating comprehensive malware analysis to safeguard sensitive data and maintain operational continuity.

Another significant driver is the growing regulatory landscape and compliance requirements imposed by governments and industry bodies globally. Regulations such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and other data protection mandates require organizations to implement robust cybersecurity frameworks, including advanced malware detection and analysis capabilities. Non-compliance can result in severe financial penalties and reputational damage, compelling organizations to prioritize investments in malware analysis solutions. Furthermore, as remote work and bring-your-own-device (BYOD) policies become entrenched in corporate environments, securing endpoints and ensuring real-time threat visibility have become paramount, further boosting market demand.

The surge in cyber warfare and state-sponsored attacks has also contributed to the rapid expansion of the malware analysis market. Governments and defense agencies are increasingly allocating resources to bolster their cyber defense infrastructures, recognizing the strategic importance of cybersecurity in national security. This trend has spurred innovation and collaboration between public agencies and private cybersecurity vendors, resulting in the development of advanced malware analysis platforms tailored to counter emerging threats. Additionally, the integration of artificial intelligence (AI) and machine learning (ML) technologies into malware analysis tools has enhanced threat detection accuracy, automated investigation workflows, and reduced response times, thereby amplifying the marketÂ’s growth prospects.

Binary Analysis plays a crucial role in the evolving landscape of malware analysis. As cyber threats become more sophisticated, the ability to dissect and understand the underlying binary code of malicious software is essential for developing effective countermeasures. Binary analysis involves examining the executable code of malware to identify its behavior, capabilities, and potential impact on systems. This process enables cybersecurity professionals to uncover hidden functionalities and vulnerabilities that may not be apparent through traditional analysis methods. By leveraging binary analysis, organizations can enhance their threat detection capabilities, improve incident response times, and develop more robust security strategies to protect against emerging threats.

Regionally, North America continues to dominate the global malware analysis market, accounting for the largest revenue share in 2024, followed closely by Europe and Asia Pacific. The presence of major cybersecurity vendors, high adoption rates of advanced technologies, and stringent regulatory standards have positioned North America at the forefront of market growth. Meanwhile, Asia Pacific is witnessing the fastest CAGR, driven by rapid digitalization, expanding internet penetration, and rising awareness of cybersecurity risks among enterprises and government agencies across countries