Statistical Report on Malware Threat in Q3 2024

 

Overview
Statistics
1. Malware statistics in Q3 2024 
2. Malware Details by Type in Q3 2024 
Conclusion

 

Overview

 

AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report presents statistics on the known malware among the samples collected during Q3 2024.

The report categorizes malware by type and provides detailed statistics on the proportion of specific malware within each type. It also explains how each malware is distributed and summarizes its features.

 

Statistics

 

1. Malware statistics in Q3 2024

 

The following is a categorization of known malware collected during the third quarter of 2024. By main category, the most prevalent types of malware are, in order, InfoStealer, Backdoor, Downloader, Banking, Ransomware, and CoinMiner.


Figure 1. Statistics on malware by category 

Main Category    Ratio
InfoStealer      56.7%
Backdoor         23.3%
Downloader       17.2%
Banking          1.4%
Ransomware       1.1%
CoinMiner        0.3%

Table 1. Statistics on malware by category
 

2. Malware Details by Type in Q3 2024 

 

The following describes the types of malware used, based on the analysis of malware collected in Q3 2024.

 

2.1. InfoStealer

 

Certain InfoStealers, such as AgentTesla and Formbook, have been consistently distributed for several years and account for most of this category. AgentTesla is usually distributed through attachments in spam emails under various disguises, and it steals account information stored in web browsers, email clients, and FTP clients within the user environment.


Figure 2. Statistics on Infostealers

2.2. Backdoor 

The Backdoor category includes RAT malware. Remcos, which accounted for the largest proportion this quarter, is a commercial RAT used by various threat actors. It is primarily distributed as an attachment in spam emails, but recently it has also been used in attacks targeting improperly managed MS-SQL servers, often in conjunction with Cobalt Strike.


Figure 3. Statistics on backdoors