ANY.RUN Unveils Q1 2025 Malware Trends Report, Highlighting Evolving Cyber Threats

ANY.RUN, a leading cybersecurity firm, has released its Q1 2025 Malware Trends Report, offering critical insights into the dynamic cyber threat landscape. Drawing on data from 15,000 companies and 500,000 analysts working within ANY.RUN’s Interactive Sandbox, the report delivers actionable intelligence to bolster organizational security.
The comprehensive analysis covers key threats, including prevalent malware families, Advanced Persistent Threats (APTs), phishing kits, and evolving Tactics, Techniques, and Procedures (TTPs).
It also highlights emerging cybersecurity trends, enabling organizations to save hours on research and strengthen their defenses against sophisticated attacks.
The first quarter of 2025 has witnessed significant shifts in the cybersecurity landscape, with stealers maintaining dominance while ransomware attacks surged dramatically. ANY.RUN’s latest malware trends report reveals substantial increases in threat activity across multiple categories, providing critical intelligence for security professionals as cyber threats continue to evolve at an alarming pace.
ANY.RUN’s interactive sandbox processed over 1.4 million analysis sessions during Q1 2025, a substantial 23% increase from the previous quarter.
Security analysts identified 279,515 malicious files and 80,319 suspicious files in these sessions, collectively generating over 829 million indicators of compromise (IOCs). This significant growth in analysis volume highlights the expanding threat landscape facing organizations worldwide.
The comprehensive dataset collected through these sessions offers valuable insights into emerging threat patterns, providing security teams with actionable intelligence to strengthen their defensive postures against increasingly sophisticated attacks.
Dominant Malware Types & Shift in Priorities
Stealers have maintained their position as the most prevalent malware type, with 36,043 detections in Q1 2025 – a significant increase from 25,341 in the previous quarter. This persistent threat continues to focus on harvesting sensitive credentials and personal information from compromised systems.
Perhaps most concerning is the dramatic 77% surge in ransomware activity, with detections rising from 5,853 to 10,385. This alarming trend suggests cybercriminals are increasingly favoring direct monetization strategies with potentially devastating consequences for victims.
Loader malware also demonstrated significant growth with a 49% increase in detections (15,523). These threats serve as initial access facilitators, allowing attackers to deploy secondary payloads onto compromised systems. Other notable increases included:
- Backdoor activity more than doubling from 679 to 2,089
- Botnets entering the top five with 5,272 detections
- Keylogger detections doubling to 4,499
Among specific malware families, Lumma maintained its top position with a 17.7% increase in detections. However, the most dramatic shifts occurred with Xworm, which jumped from fifth to second place by more than doubling its detection rate to 6,599. Snake malware also demonstrated remarkable growth, moving from eighth to third place with a 2.3x increase in detections.
Two new entrants to the top malware families list – DCRat (2,299 detections) and Quasar (1,501 detections) – suggest evolving attacker preferences. Meanwhile, previously dominant families showed reduced activity, with Stealc dropping from second to ninth place (67.5% decrease) and Redline falling entirely out of the top rankings.
Attack Techniques & New Strategies
The ANY.RUN report identifies significant changes in the tactics, techniques, and procedures (TTPs) employed by threat actors. Registry Run Keys/Startup Folder (T1547.001) became the most detected technique with 52,415 instances – a dramatic increase from 18,394 in Q4 2024.
Exploit Public-Facing Application (T1190) emerged as a major new threat vector, rising to third place with 37,579 detections despite not previously ranking in the top 201. Scheduled Task techniques (T1053.005) also saw explosive growth with a 109% increase to 37,470 detections.
Process Injection (T1055) demonstrated newfound popularity with 20,547 detections, highlighting attackers’ increasing focus on evasion and persistence mechanisms.
Phishing threats showed a concerning 30% increase, with total detections rising from 82,684 to 107,7931. The STORM-1747 group maintained its dominant position with 16,140 detections, while TA569 moved into second place with 1,005 instances.
Among phishing kits, Tycoon 2FA demonstrated remarkable growth with 21,463 samples (up from 8,785), while EvilProxy secured second place with 4,743 detections. The continued evolution of these sophisticated tools suggests phishing remains a primary initial access vector for attackers.
UPX remained the most commonly detected packer despite a decrease to 8,594 detections, while NETReactor maintained second position with 4,917 instances. PureCrypter emerged as a new player with 1,540 detections, while ASPack nearly doubled its presence with 1,092 detections.
These obfuscation tools continue to challenge detection mechanisms, enabling malware to evade traditional security controls and highlighting the need for advanced behavioral analysis capabilities.
The Q1 2025 malware trends report from ANY.RUN paints a picture of an increasingly active and sophisticated threat landscape. The dramatic increases in ransomware, stealer activity, and exploitation techniques underscore cybercriminals’ evolving priorities.
Organizations must remain vigilant by implementing multi-layered security defenses, conducting regular threat hunting, and maintaining comprehensive security awareness programs to counter these evolving threats.