Malware Activity

Malware — “malicious software” — is defined by the Organization for Economic Cooperation and Development (OECD) as “a general term for a piece of software inserted into an information system to cause harm to that system or other systems, or to subvert them for use other than that intended by their owners”. Malware can manipulate data; interfere with the operation of computer systems and networks; delete, suppress, or block access to data; and re-direct computing resources from legitimate to criminal purposes.

We capture and analyze malware reports from four widely used and respected threat intelligence sources: Malware Patrol, Malware URL, Spamhaus, and URLhaus. From these source or malware reports, we create records suitable for analysis to understand and measure what malware was most prevalent, where malware was served from or distributed, and what resources criminals used to pursue their attacks.

We publish these reports because we believe that measurements are necessary to drive informed decision making; however, the operational communities of the industry segments that cybercriminals exploit must commit to mitigation where they are able to do so. And to do so effectively, they must collaborate closely with cyber investigators, policy makers, legislators, and law enforcement.

For a summary of the most recent malware activity,
read our most recent Malware Trends report.

For a look at 2022 malware activity, read our
2023 Malware Landscape highlights and study.

Quarterly (Q) Updates

Each quarter, we publish updates to our ongoing measurements and analyses of malware activity—what malware is most prevalent, where it is being served from, and where malware attackers go to acquire the resources for their criminal activities.

These updates examine malware activity reported during three-month periods beginning January 1, 2021. Select an activity focus and period from the dropdown menus.

Quarter over Quarter (QoQ) Comparisons

We compare the measurements of successive quarterly updates, to show whether malware activity has increased or decreased over time, and where.

Quarter over Quarter updates compare malware activity reported in successive, three-month periods beginning January 1, 2021. Select an activity focus and period from the dropdown menus.