Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Malware & Threats

Less Malware, Better Quality: AV-TEST

While the number of malware samples spotted in 2016 decreased compared to the previous year, threats have been more sophisticated, according to the latest security report from antivirus research company AV-TEST.

While the number of malware samples spotted in 2016 decreased compared to the previous year, threats have been more sophisticated, according to the latest security report from antivirus research company AV-TEST.

AV-TEST identified roughly 127.5 million malware samples last year, which represents a 14% decrease from the 144 million seen in 2015. This translates to approximately 350,000 new samples each day, or four new samples per second.

The number of samples may have declined, but malware is becoming increasingly sophisticated, as demonstrated by the NotPetya and WannaCry ransomware attacks, banking Trojans, and threats designed to target Internet of Things (IoT) devices. This includes complex encryption and increased flexibility in the case of ransomware, and the use of special malware in attacks aimed at the SWIFT banking network.

While the threat posed by ransomware has been made clear by recent attacks, this type of malware accounts for only less than one percent of the total share of Windows malware. Despite the small proportion, AV-TEST pointed out that, due to their mode of action and potential damage, these types of Trojans cannot be considered a marginal phenomenon.

“A level of distribution comparable to traditional viruses is not required to reap the greatest possible profit. Ransomware involves ‘high-tech malware’, which seeks its victims above all in a targeted business environment. For instance, emails infected with ransomware are sent out almost exclusively on weekdays,” AV-TEST said.

Ransomware development peaked in the first quarter of 2017, with more than 110,000 samples detected by the company in April.

The quantity of Windows malware has decreased, but AV-TEST noticed that the number of Mac OS samples increased by 370% to 3,033 samples – a majority of which have been classified as Trojans. More than 4,000 new samples were already identified in the first quarter of 2017.

Advertisement. Scroll to continue reading.

Mac malware distribution

The number of Android malware samples doubled in 2016 to over 4 million, with the largest spike recorded in June, when AV-TEST identified nearly 650,000 new pieces of malware. In the same month, the company spotted more than 9,200 exploits covering all versions of Android.

The complete AV-TEST Security Report 2016/2017 is available online in PDF format.

Related: The State of Malware – 1 Billion Samples Under the Microscope

Related: RDP Tops Email for Ransomware Distribution

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...