Malware describes any malicious program or software designed to disrupt, change, or wreak havoc on any computerized system. Malware usually poses as harmless links, attachments, or files to trick users into installing or downloading it.
Malware statistics reveal that hackers produce new malware variants yearly, changing tactics to attack underutilized or unknown vulnerabilities. Perhaps a more worrying trend is that many adults are unaware of the full extent of malware.
Here is a list of all the latest malware statistics depicting the evolution of malware attack tactics, the magnitude of each attack, and some lesser-known facts about these malicious programs.
Top 8 Malware Statistics (Editor’s Pick)
- Around 11,000 new malware programs are created every hour since the start of 2023.
- Malware volume in Europe rose to 1.3 billion in 2021.
- 46% of companies admitted that human error was the reason behind a successful malware attack in 2022.
- An average of 1,501 new malware variants were discovered daily in 2022.
- The number of malware programs detected in 2023 is over 11 million.
- Adware accounted for 42.42% of global mobile malware in 2021.
- Over $49.2 million was lost to ransomware attacks in 2021.
- There was a 7.2% spike in Android spyware apps in 2021.
General Malware Statistics
1. Malware analysis was a big problem for 93% of organizations globally.
In 2022, 66% of organizations relied on external help regarding malware analysis.
Of these, 7% fully outsourced the exercise to an external security provider, while 59% had internal and external help.
2. Around 11,000 new malware programs are created every hour since the start of 2023.
Over three new malware programs are designed every second, over 250,000 daily, and roughly 8 million monthly.
3. 85% of businesses experienced at least one successful cybersecurity attack in 2022.
Malware topped the list of cyber security threats causing the greatest concern among businesses. Others included account takeover, ransomware, and phishing attacks.
4. 93.9% of businesses in Columbia were victims of cyber attacks in 2021.
Columbia tops the list of organizations victimized by cyber threats at 93.9%.
Turkey and Spain, at 93.7% and 91.8%, come in second and third, respectively.
|Country||Percentage of Compromised Organizations|
5. Malware caused the most significant concern among cyber security professionals.
The top 3 cyber threats in 2021 were malware, account takeover or credential abuse attacks, and ransomware, each garnering 4.01, 3.97, and 3.96 on a five-point scale.
6. 63% of Adults knew the meaning of “malware” in 2021.
36% of them also knew the meaning of “ransomware.” Simultaneously, 53% were aware of the definition of “phishing,” while 45% were unsure when it came to “smishing” or “vishing.”
Malware Statistics by Country
7. Malware volume in Europe rose to 1.3 billion in 2021.
Malware volume in Europe and Asia rose by 35% and 27%, respectively.
Simultaneously, a 9% drop in malware volume was seen across North America.
8. Vietnam topped the list of countries with the most malware spread in 2021.
Vietnam came at the top with 36.4% malware spread, replacing South Korea, which dominated at 51.4% in 2020. South Korea dropped to number 6.
|Trinidad and Tobago||28.30%|
9. Florida was the US state with the highest malware count at 625.4 million.
In 2021, Florida rose to the number one spot regarding malware spread.
The year before, California topped the charts but fell by 28% from 408.3 million in 2020 to 293 million in 2021.
10. Malware hits in the UK rose by 48% in 2021.
The highest hits volume happened in July, when the total malware volume was 76,992,528. Malware spread was around 40 million, representing a percentage spread of 20%.
Malware Attack Statistics
11. Cybercriminals’ use of malicious PDFs rose by 52% in 2021.
In contrast, cybercriminals’ use of malicious office files rose by 67%, while their use of malicious PDF files fell by 22% in 2020.
12. There was a 77% increase in IoT malware attacks in 2022.
This brought the overall figure for malware attacks against IoT to 57 million.
At the same time, encrypted attacks rose by 132% to 4.9 million, cryptojacking by 30% to 66.7 million, and intrusion attempts by 19% to 3 trillion.
13. Emotet Malware attacks rose by 6,239 in 2022.
There was a sharp rise in the number of users attacked by the Emotet malware from February 2022 (2,847) to March 2022 (9,086). This malware targeted users in Russia, Italy, Japan, Mexico, Brazil, India, and China, among other regions.
|Month and Year||Emotet Malware Victims|
14. 96% of businesses were victims of phishing attacks.
Phishing was one of the biggest malware threats in 2022, with 96% happening through emails. 36% of these attacks were successful thanks to stolen employee credentials.
15. 46% of companies admitted that human error was the reason behind a successful malware attack in 2022.
83% of breaches were caused by poor password hygiene, 81% by misusing personal emails, and 76% through using collaboration tools.
16. There was a significant decrease in malware attacks between 2019 and 2021.
810 complaints were made to the FBI regarding malware attacks in 2021.
This represents a significant drop from 1,423 cases reported in 2020 and 2,373 reported in 2019.
17. Malware attacks hit a major decline in 2021.
Malware attacks hit a 7-year decline in 2021. However, it rose in 2022, with an average of 8,240 malware attacks per individual. This brought the total figure to 2.8 billion.
18. There were 2.8 billion worldwide malware attacks in Q1 and Q2 2022.
There were 5.6 billion reported global attacks in 2020 and 5.4 billion in 2021, significantly less than those in 2018 and 2019.
|Year||Number of Malware Attacks in Billions|
19. Latin America led in automated malware bot attacks in 2021.
The region saw a sharp increase in bot attacks by 450% over 2021.
On the other hand, North America experienced a 7% dip in the same kind of attacks in the same period.
20. The professional industry was the most targeted sector by malware in 2021.
There were 1,234 malware infections within the professional industry, making it the most targeted sector. Other most targeted sectors included information and manufacturing industries, with 775 and 621 infections, respectively.
21. Botnets from the Trickbot family accounted for 29% of overall malware attacks in 2021.
Meanwhile, Qbot and Emotet accounted for 15% and 12%, respectively.
22. 465 brands were targeted by phishing attacks in March 2021.
Phishing efforts toward brands intensified between April 2020 and March 2021, with 2,312 new brands targeted in that timeframe.
23. A majority of phishing attacks were directed toward the finance industry.
In Q1 2022, 23.6% of all phishing attacks targeted financial organizations.
Coming in second was the SaaS sector, with 20.5%.
|Industry||Distribution of Phishing Attacks|
Malware Detection Statistics
24. An average of 1,501 new malware variants were discovered daily in 2022.
A total of 270,228 variants were detected in 2022, representing a 45% increase from 2021. Of these, 147,851 were detected in Q1 2022, with the highest record being in March at 59,259.
25. 46% of companies incorporated Artificial Intelligence and Machine Learning to improve threat detection in 2021.
56% of companies noted enhanced threat detection, while another 46% stated they reduced human error that led to the attack in the first place.
26. Heuristic malware was the most detected malware in Windows in 2021.
Heuristic malware detection stood at 35%, with Trojan and Adware coming in second and third at 20% and 13%.
|Windows Malware||Percentage Detected in 2021|
27. There were 77% more malware programs detected in 2021 than in 2020.
Malware detection on Windows machines dropped to 24% in 2020.
However, those figures soared in 2021, with a 200% spike in malicious software such as adware, spyware, and worms.
28. There was a 300%+ increase in the detection of crypto-mining malware in 2021.
The corporate sector was one affected industry, with 40% and 5% of victims facing the XMRig and the LemonDuck malware, respectively.
29. Most malware detected on Macs comprised Potentially Unwanted Programs (PUPs) in 2021.
Malware detected on Macs rose from around 80 million in 2020 to over 160 million in 2021. Out of all threats detected, PUPs were at 89.8% detection.
Adware and Malware came after with 9.8% and 0.4%, respectively.
30. Malware detection on Windows work computers soared 143% in 2021.
Meanwhile, malware attacks against personal Windows computers increased 65%.
31. The number of malware programs detected in 2023 is over 11 million.
Currently, there have been over 1.2 billion malware programs released since 1984.
Of these, 94,451,939 were released over the last year.
32. There was a 4% decrease in phishing sites in 2021.
Around 611,877 unique phishing sites were detected in Q1 2021, signifying a 25,425 reduction from 637,302 in Q4 2020.
33. PUAs programs take up the largest category of Android malware in 2023.
As of February 2023, there are 33,280,049 Android malware in existence, with 22,841,176 being Potentially Unwanted Apps (PUAs).
34. Most Android malware programs come via APKs in 2023.
27,374 malware detected since the beginning of 2023 were categorized as APKs. Approximately 2,731 were classified as Java.
35. MacOS has the least amount of malware programs in 2023.
Windows tops the list with 1.21 million malware programs.
Android comes second with around 32,586, Linux with about 17,509, and MacOS with about 415.
Malware Virus Statistics
36. Symantec Corporation owned 79% of the global Windows anti-malware market in 2021.
As of August 2021, Symantec had a 79% market share, with Norton360 owning only 13%.
37. The global antivirus software market will reduce by $270 million by 2024.
This reduction is set to bring the market’s overall size down to $3.5 billion.
Mobile Malware Statistics
38. Iran encountered over 24% of mobile malware attacks in Q3 2021.
Saudi Arabia and China came in second and third with 17% attacks each.
39. Adware accounted for 42.42% of global mobile malware in 2021.
RiskTool and Trojan came second and third with 35.27% and 8.86% market share, respectively.
40. There were 463 variants of the HiddenAds Android malware in 2021.
These variants were detected a total of 192,919 times. This malware hijacked users’ phones, displaying ads in notification bars, lock screens, pop-up screens, and browsers.
41. Approximately 886,105 mobile malware were detected on mobile devices in Q2 2021.
Mobile device malware reduced from 2,106,680 in Q4 2020 and 1,451,660 in Q1 2021. The highest amount recorded was 3,626,458 in Q1 2016.
42. 405,684 malware programs were detected in Q2 2022 on mobile devices.
Kaspersky blocked 5,520,908 mobile malware, adware, and riskware programs in Q2 2022. Of these, 55,614 were mobile banking trojans, and 3,821 were ransomware trojans. Adware took the majority category at 25.28%.
43. Ryuk was the top ransomware signature of 2021.
More than 300 ransomware families were detected, with Ryuk taking up 30% at 180.4 million. SamSam came in second with 103.9 million, and Cerber third at 102.7 million. Combined, these three made up 62.1% of all ransomware families.
|Ransomware Family||Ransomware Family Volume|
44. There were around 20 ransomware attempts per second in 2021.
Ransomware attack volume increased by 105% from 304,638,987 in 2020 to 623,254,877 in 2021. This represented an average of 2,170 ransomware attacks per user.
45. Ransomware accounted for 6 to 10% of global cyber-attacks in 2021.
Botnet took the majority share of 31% of malware attacks.
Regarding regions, Botnet accounted for 43% of APAC (Asia-Pacific) attacks.
46. The number of organizations targeted by ransomware grew by 3% in 2022.
Ransomware organization attack cases hit a new peak, with overall attacks reaching 71% in 2022 from 69% in 2021.
47. 72.2% of businesses affected by ransomware paid the ransom and recovered data in 2021.
71% of global companies were affected by ransomware. Of these, 62.9% paid to recover compromised data.
48. Most Ransomware targeted the Healthcare and Public Health industry in 2021.
There were 649 complaints to the FBI concerning ransomware attacks in the US targeting over 14 critical infrastructure sectors. Healthcare and Public Health, Information Technology, and Financial Services received the most attacks.
49. Over $49.2 million was lost to ransomware attacks in 2021.
This was an increase of $20 million from $29,157,405 seen in 2020 and around a $40 million increase from $8,965,847 in 2019. The amount represented 3,729 complaints to the FBI.
50. The US Healthcare and First Responder networks were targets of the CONTI ransomware.
The FBI identified 16 CONTI ransomware attacks targeting law enforcement agencies, emergency dispatch centers, and medical services in May 2021.
51. There was an increase in PYSA ransomware attacks targeting education institutions in the US and UK.
Education institutions in about 12 US states and the UK were subject to PYSA ransomware attacks in March 2021.
52. CONTI, LockBit, and REvil/Sdinokibi were the top 3 ransomware variants targeting critical infrastructure industries in the US in 2021.
CONTI targeted the Manufacturing, Food & Agriculture, and Commercial industries. LockBit targeted the Financial, Government, Healthcare, and Public Health Services. REvil targeted the Healthcare, Economic, and IT sectors.
53. There were 236.1 million global ransomware attacks in Q1 and Q2 2022.
Worldwide ransomware attacks in 2021 grew to 623.3 million, almost reaching highs of 638 million seen in 2016.
54. The number of new ransomware families dropped from 127 in 2020 to 78 in 2021.
This drop signified a 39% reduction within one year. Meanwhile, 2017, 2016, and 2018 recorded high ransomware family figures of 327, 247, and 222, respectively.
55. Only about 4 out of 10 businesses that paid ransom didn’t recover their data in 2022.
64% of companies targeted by ransomware paid the ransom.
The average ransom payment rose from 279,706 Euros to 510,992 Euros.
56. 15% of organizations experienced two-week downtime from a ransomware attack in 2022.
25% of companies experienced downtime of 2 to 3 days after an attack, while most took a week to recover.
57. 45 US school districts were impacted by ransomware in 2022.
In 2022 in the US, 106 local governments, 45 educational institutions, and 25 healthcare service providers were ransomware victims in the US.
58. There was a 7.2% spike in Android spyware apps in 2021.
Malware bytes detected 1,106 spyware apps in 2021. Additionally, 54,677 monitor apps were detected within the same period, marking an increase of 4.2%.
59. There was a 20% decline in Spyware detection in 2021.
Meanwhile, monitor apps fell by 39%, going from 5,654 monthly detections in H1 2021 to 3,459 monthly by H2 2021.
60. 185 countries or regions were affected by stalkerware in 2021.
The top 4 countries affected by stalkerware include Russia, Brazil, the US, and India. Globally, around 33,000 users were affected by stalkerware, representing a 21,176 drop from 53,870 in 2020.
|Year||Number of People Affected by Stalkerware|
Malware is a constantly-evolving threat that neither you nor your business should take lightly. Cybercriminals are always looking for security vulnerabilities they can take exploit.
These statistics reveal that many malware types target critical sectors and industries globally rather than individuals. Therefore, you must learn about the different kinds of malware and how they work to stay up-to-date with the latest threats.
Lastly, remain vigilant, taking proactive steps such as using the latest security updates to protect your data from malicious attacks. Also, make sure to check our statistic roundup for Phishing.