Let\u2019s jump in and see what this quarter taught us about the intriguing world of malware. <\/p>\n\n\n\n
Summary <\/h2>\n\n\n\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/Review-Q4-2024-1-1024x379.jpg\")
The number of sandbox sessions has grown compared to Q3 2024<\/em><\/figcaption><\/figure><\/div>\n\n\nIn Q4 2024, ANY.RUN users ran 1,151,901 public interactive analysis sessions, marking a 5.6% increase from Q3 2024<\/a>. Out of these, 259,898 (22.6%) were flagged as malicious, and 71,565 (6.2%) as suspicious. <\/p>\n\n\n\nCompared to the previous quarter, the percentage of malicious sandbox sessions rose from 19.4% in Q3 2024 to 22.6% in Q4 2024. At the same time, the share of suspicious sessions grew from 4.3% to 6.2%. <\/p>\n\n\n\n
Users collected an impressive 712,151,966 indicators of compromise (IOCs) during Q4, reflecting the heightened activity and complexity of the threats analyzed. <\/p>\n\n\n\n
Top Malware Types in Q4 2024 <\/h2>\n\n\n\n![\"\"](\"\/cybersecurity-blog\/wp-content\/uploads\/2024\/12\/Malware-types-Q4-2025-1-1024x576.jpg\")
Stealers beat Loaders as the top malware type in Q4 2024<\/em><\/figcaption><\/figure><\/div>\n\n\nLet\u2019s dive into the most common malware types identified by ANY.RUN\u2019s sandbox in Q4 2024: <\/p>\n\n\n\n
\n \n\n \n \n # <\/th>\n \n Type <\/th>\n \n Detections <\/th>\n <\/tr>\n \n \n 1 <\/td>\n \n Stealer<\/a> <\/td>\n \n 25,341 <\/td>\n <\/tr>\n \n \n 2 <\/td>\n \n Loader<\/a> <\/td>\n \n 10,418 <\/td>\n <\/tr>\n \n \n 3 <\/td>\n \n RAT<\/a> <\/td>\n \n 6,415 <\/td>\n <\/tr>\n \n \n 4 <\/td>\n \n Ransomware<\/a> <\/td>\n \n 5,853 <\/td>\n <\/tr>\n \n \n 5 <\/td>\n \n Keylogger<\/a> <\/td>\n \n 1,915 <\/td>\n <\/tr>\n \n \n 6 <\/td>\n \n Adware<\/a> <\/td>\n \n 1,666 <\/td>\n <\/tr>\n \n \n 7 <\/td>\n \n Exploit <\/td>\n \n 905 <\/td>\n <\/tr>\n \n \n 8 <\/td>\n \n Backdoor<\/a> <\/td>\n \n 679 <\/td>\n <\/tr>\n \n \n 9 <\/td>\n \n Trojan<\/a> <\/td>\n \n 466 <\/td>\n <\/tr>\n \n \n 10 <\/td>\n \n Rootkit <\/td>\n \n 386 <\/td>\n <\/tr>\n <\/table>\n<\/div>
In Q4 2024, ANY.RUN users ran 1,151,901 public interactive analysis sessions, marking a 5.6% increase from Q3 2024<\/a>. Out of these, 259,898 (22.6%) were flagged as malicious, and 71,565 (6.2%) as suspicious. <\/p>\n\n\n\n Compared to the previous quarter, the percentage of malicious sandbox sessions rose from 19.4% in Q3 2024 to 22.6% in Q4 2024. At the same time, the share of suspicious sessions grew from 4.3% to 6.2%. <\/p>\n\n\n\n Users collected an impressive 712,151,966 indicators of compromise (IOCs) during Q4, reflecting the heightened activity and complexity of the threats analyzed. <\/p>\n\n\n\n Let\u2019s dive into the most common malware types identified by ANY.RUN\u2019s sandbox in Q4 2024: <\/p>\n\n\n\nTop Malware Types in Q4 2024 <\/h2>\n\n\n
\n\n
\n \n # <\/th>\n \n Type <\/th>\n \n Detections <\/th>\n <\/tr>\n \n \n 1 <\/td>\n \n Stealer<\/a> <\/td>\n \n 25,341 <\/td>\n <\/tr>\n \n \n 2 <\/td>\n \n Loader<\/a> <\/td>\n \n 10,418 <\/td>\n <\/tr>\n \n \n 3 <\/td>\n \n RAT<\/a> <\/td>\n \n 6,415 <\/td>\n <\/tr>\n \n \n 4 <\/td>\n \n Ransomware<\/a> <\/td>\n \n 5,853 <\/td>\n <\/tr>\n \n \n 5 <\/td>\n \n Keylogger<\/a> <\/td>\n \n 1,915 <\/td>\n <\/tr>\n \n \n 6 <\/td>\n \n Adware<\/a> <\/td>\n \n 1,666 <\/td>\n <\/tr>\n \n \n 7 <\/td>\n \n Exploit <\/td>\n \n 905 <\/td>\n <\/tr>\n \n \n 8 <\/td>\n \n Backdoor<\/a> <\/td>\n \n 679 <\/td>\n <\/tr>\n \n \n 9 <\/td>\n \n Trojan<\/a> <\/td>\n \n 466 <\/td>\n <\/tr>\n \n \n 10 <\/td>\n \n Rootkit <\/td>\n \n 386 <\/td>\n <\/tr>\n <\/table>\n<\/div>