Overview
 

AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the ones collected during Q4 2023. 

The malware included in the statistics are in the executable format. These were reported through client companies or collected after being detected while performing malicious behaviors in an environment where AhnLab products were installed during the aforementioned period. Ordinarily, malware is distributed through spam emails, web browsers, or attack processes against vulnerable environments. Accordingly, it is reported in the form of an attachment to spam emails or detected and collected when the user downloads and runs an inappropriate file from a web browser or when a vulnerable environment is attacked and the malware is executed. 

These malware are categorized based on known malware. Here, “known malware” refers to the types that are sold by the developers of malware or those that are made through cracked versions of builders, and most of these are still being distributed even to this day. There are also types that the threat actor develops themselves and distributes, and most banking malware falls into this category. 

This report categorizes malware by type and provides detailed statistics on the proportion of specific malware for each type. Moreover, it explains the distribution method of each malware and gives a summary of their features.

 

Statistics

 

1. Malware Statistics in Q4 2023

 

The following is a categorization of known malware collected during the fourth quarter of 2023. In terms of major categorization, the most prevalent types of malware, in order, are: Infostealer, downloader, backdoor, CoinMiner, and ransomware.

 

Figure 1. Statistics on malware by category

 

Main Category	Ratio
Infostealer	49.8%
Downloader	27.5%
Backdoor	17.6%
CoinMiner	3.5%
Ransomware	1.6%

Table 1. Statistics on malware by category