{"id":17780,"date":"2026-01-20T08:00:04","date_gmt":"2026-01-20T08:00:04","guid":{"rendered":"\/cybersecurity-blog\/?p=17780"},"modified":"2026-01-21T09:13:31","modified_gmt":"2026-01-21T09:13:31","slug":"malware-trends-2025","status":"publish","type":"post","link":"\/cybersecurity-blog\/malware-trends-2025\/","title":{"rendered":"Malware Trends Report 2025: New Security Risks for Businesses in 2026"},"content":{"rendered":"\n<p>Summarizing&nbsp;the&nbsp;past year\u2019s threat&nbsp;landscape based on activity&nbsp;observed&nbsp;in&nbsp;<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=%20malware_trends_25&amp;utm_term=190126&amp;utm_content=linktosandboxanding\" target=\"_blank\" rel=\"noreferrer noopener\">ANY.RUN\u2019s Interactive Sandbox<\/a>,&nbsp;this annual&nbsp;report&nbsp;provides insights into&nbsp;the&nbsp;most detected&nbsp;malware&nbsp;types, families, TTPs, and phishing threats of 2025.&nbsp;<\/p>\n\n\n\n<p>For&nbsp;additional&nbsp;insights, view ANY.RUN\u2019s&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/research\/\" target=\"_blank\" rel=\"noreferrer noopener\">quarterly malware trends&nbsp;reports<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Threat activity surged, with<strong>\u00a0total sandbox sessions up 72%<\/strong>\u00a0and\u00a0<strong>malicious detections growing<\/strong>\u00a0proportionally, reflecting\u00a0increased frequency and depth of\u00a0analysis\u00a0among\u00a0SOCs.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Stealers and RATs\u00a0<\/strong>maintain\u00a0dominance, tripling in activity compared to 2024.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Lumma\u00a0and\u00a0XWorm<\/strong>\u00a0led malware family rankings, highlighting sustained reliance and mature and adaptable malicious ecosystems.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Phishing, driven by MFA-bypassing\u00a0PhaaS\u00a0kits like\u00a0<strong>Tycoon 2FA and\u00a0EvilProxy<\/strong>, evolved into an\u00a0advanced\u00a0malicious\u00a0vector.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Widespread TTPs shifted toward stealth\u00a0and trust abuse, with\u00a0<strong>root certificate installation\u00a0<\/strong>as the most detected technique\u00a0of the year.\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"361\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-1024x361.png\" alt=\"\" class=\"wp-image-17821\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-1024x361.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-300x106.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-768x271.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-1536x541.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-2048x722.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-370x130.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-270x95.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Review-2025-1-740x261.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>2025 Sandbox activity summary<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-269\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"4\"\n           data-wpID=\"269\"\n           data-responsive=\"0\"\n           data-has-header=\"0\">\n\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Total\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        6,891,075\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Malicious\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1,401,910\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Suspicious\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        430,223\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        IOCs\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3,807,063,591\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-269'>\ntable#wpdtSimpleTable-269{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-269 td, table.wpdtSimpleTable269 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p>In 2025, ANY.RUN&nbsp;experienced&nbsp;significant&nbsp;growth&nbsp;alongside a rise&nbsp;in malicious activity.&nbsp;The numbers&nbsp;reflect&nbsp;a&nbsp;substantial growth&nbsp;of deep&nbsp;investigations and&nbsp;the&nbsp;detections of evasive threats&nbsp;facilitated&nbsp;by Interactive Sandbox:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>6.8 million sandbox sessions<\/strong>\u00a0were launched \u2014\u00a0<strong>+72.2%\u00a0<\/strong>compared to 2024.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The\u00a0number of\u00a0<strong>malicious\u00a0<\/strong>samples grew by a similar number:\u00a0<strong>77.3%<\/strong>.\u00a0This shows that the overall\u00a0sandbox\u00a0activity and malicious detections grow proportionally.\u00a0\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Suspicious\u00a0<\/strong>samples\u00a0<strong>more than doubled<\/strong>\u00a0and\u00a0rose\u00a0from 211,517 in 2024 to 430,223 in 2025.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The<strong>\u00a0total number of\u00a0IOCs\u00a0<\/strong>collected by\u00a0ANY.RUN\u2019s global\u00a0community:\u00a0<strong>3.8 billion<\/strong>,\u00a0nearly 2\u00a0billion more than the year before.\u00a0<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-1024x566.png\" alt=\"\" class=\"wp-image-17826\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-1024x566.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-300x166.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-768x425.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-1536x849.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-370x205.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-270x149.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2-740x409.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image3-9-2048x1132-2.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Multi-stage attack detonated inside ANY.RUN sandbox<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<p>As investigation volume and behavioral visibility increase,&nbsp;<strong>15K+<\/strong>&nbsp;security teams gain earlier detection, richer context, and faster response capabilities with ANY.RUN.&nbsp;<\/p>\n\n\n\n<p>Interactive Sandbox helps them ensure a strong, enterprise-grade defense system by enabling:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Early Detection<\/strong>: Minimize risks to safeguard your infrastructure and reputation with 36% higher detection rates.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Higher Efficiency &amp; ROI<\/strong>: Cut MTTR by 21 minutes to power quicker incident resolution.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Smarter Decision-Making<\/strong>: Flexible solutions enhance visibility into threats for\u00a0insights-driven action.\u00a0<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nBoost detections by <span class=\"highlight\">36%<\/span>\u00a0\n<br>while resolving\u00a0incidents <span class=\"highlight\">21 mins<\/span> faster\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=malware_trends_25&#038;utm_term=190126&#038;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noopener\">\nIntegrate in your SOC\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Top Malware Types: Highlights<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-1024x538.png\" alt=\"\" class=\"wp-image-17800\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-1024x538.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-300x158.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-768x403.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-1536x806.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-2048x1075.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-370x194.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-270x142.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-types-2025-1-740x389.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Top malware types 2025<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<ol class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/stealer\/\" target=\"_blank\" rel=\"noreferrer noopener\">Stealer<\/a><\/strong> <strong>155,741<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/rat\/\" target=\"_blank\" rel=\"noreferrer noopener\">RAT<\/a><\/strong> <strong>72,114<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/loader\/\" target=\"_blank\" rel=\"noreferrer noopener\">Loader<\/a><\/strong> <strong>69,651<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Ransomware<\/a><\/strong> <strong>42,220<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/botnet\/\" target=\"_blank\" rel=\"noreferrer noopener\">Botnet<\/a><\/strong> <strong>24,022<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/backdoor\/\" target=\"_blank\" rel=\"noreferrer noopener\">Backdoor<\/a><\/strong> <strong>21,418<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/keylogger\/\" target=\"_blank\" rel=\"noreferrer noopener\">Keylogger<\/a><\/strong> <strong>16,144<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/adware\/\" target=\"_blank\" rel=\"noreferrer noopener\">Adware<\/a><\/strong> <strong>14,960<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/trojan\/\" target=\"_blank\" rel=\"noreferrer noopener\">Trojan<\/a><\/strong> <strong>10,016<\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/any.run\/malware-trends\/miner\/\" target=\"_blank\" rel=\"noreferrer noopener\">Miner<\/a><\/strong> <strong>8,442<\/strong><\/li>\n<\/ol>\n\n\n\n<p>The upper part of the&nbsp;most active malware&nbsp;types&nbsp;chart&nbsp;closely resembles&nbsp;that of 2024.&nbsp;The top four most detected threats&nbsp;remained&nbsp;unchanged,&nbsp;underscoring&nbsp;the&nbsp;long-term impact&nbsp;and growth in activity&nbsp;of&nbsp;<strong>Stealer&nbsp;<\/strong>and&nbsp;<strong>RAT<\/strong>&nbsp;(their intensity grew 3x),&nbsp;<strong>Loader&nbsp;<\/strong>(2.5x) and&nbsp;<strong>Ransomware&nbsp;<\/strong>(2x)&nbsp;malware.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Widespread stealers:<\/strong>\u00a0<a href=\"https:\/\/any.run\/malware-trends\/lumma\/\" target=\"_blank\" rel=\"noreferrer noopener\">Lumma<\/a>,\u00a0\u00a0<a href=\"https:\/\/any.run\/malware-trends\/stealc\/\" target=\"_blank\" rel=\"noreferrer noopener\">Stealc<\/a>,\u00a0<a href=\"https:\/\/any.run\/malware-trends\/blankgrabber\/\" target=\"_blank\" rel=\"noreferrer noopener\">Blank Grabber<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Widespread RATs:<\/strong>\u00a0<a href=\"https:\/\/any.run\/malware-trends\/XWorm\/\" target=\"_blank\" rel=\"noreferrer noopener\">XWorm<\/a>,\u00a0<a href=\"https:\/\/any.run\/malware-trends\/quasar\/\" target=\"_blank\" rel=\"noreferrer noopener\">Quasar RAT<\/a>,\u00a0<a href=\"https:\/\/any.run\/malware-trends\/asyncrat\/\" target=\"_blank\" rel=\"noreferrer noopener\">AsyncRAT<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Widespread loaders:<\/strong>\u00a0<a href=\"https:\/\/any.run\/malware-trends\/smoke\/\" target=\"_blank\" rel=\"noreferrer noopener\">Smoke Loader<\/a>,\u00a0<a href=\"https:\/\/any.run\/malware-trends\/purecrypter\/\" target=\"_blank\" rel=\"noreferrer noopener\">PureCrypter<\/a>,\u00a0<a href=\"https:\/\/any.run\/malware-trends\/hijackloader\/\" target=\"_blank\" rel=\"noreferrer noopener\">HijackLoader<\/a>\u00a0<\/li>\n<\/ul>\n\n\n\n<p>Other types&nbsp;have seen notable&nbsp;growth, too. Particularly dramatic increases are seen in&nbsp;<strong>Backdoor&nbsp;<\/strong>and&nbsp;<strong>Adware&nbsp;<\/strong>attacks. This points to an ongoing&nbsp;trend&nbsp;towards&nbsp;persistent access, credential theft, and&nbsp;multi-stage&nbsp;malware&nbsp;campaigns as opposed to&nbsp;short-spanned attacks.&nbsp;<\/p>\n\n\n\n<p>A new addition to the list&nbsp;is&nbsp;<strong>Botnet&nbsp;<\/strong>with 21K+ detections&nbsp;that secured fifth place for this malware type.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Malware Families&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-1024x538.png\" alt=\"\" class=\"wp-image-17830\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-1024x538.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-300x158.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-768x403.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-1536x806.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-2048x1075.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-370x194.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-270x142.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Top-malware-Families-2025-740x389.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Top malware families 2025<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<ol class=\"wp-block-list\">\n<li><a href=\"https:\/\/any.run\/malware-trends\/lumma\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Lumma<\/strong><\/a>\u00a0<strong>31,111<\/strong><\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/xworm\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>XWorm<\/strong><\/a>\u00a0<strong>31,093<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/asyncrat\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>AsyncRAT<\/strong><\/a>\u00a0<strong>16,372<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/remcos\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Remcos<\/strong><\/a>\u00a0<strong>16,002<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/agenttesla\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>AgentTesla<\/strong><\/a>\u00a0<strong>14,584<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/snakekeylogger\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Snake<\/strong><\/a>\u00a0<strong>13,556<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/quasar\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Quasar<\/strong><\/a>\u00a0<strong>13,512<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/vidar\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Vidar<\/strong><\/a>\u00a0<strong>10,303<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/stealc\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Stealc<\/strong><\/a>\u00a0<strong>9,927<\/strong>\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/any.run\/malware-trends\/amadey\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Amadey<\/strong><\/a>\u00a0<strong>9,533<\/strong>\u00a0<\/li>\n<\/ol>\n\n\n\n<p>From 2024 to 2025,&nbsp;most&nbsp;recurring malware families at least doubled in activity, as&nbsp;indicated&nbsp;by ANY.RUN\u2019s&nbsp;statistics.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/malware-trends\/xworm\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>XWorm<\/strong><\/a><strong>&nbsp;<\/strong>that&nbsp;led&nbsp;the&nbsp;ranking&nbsp;in 2024 was detected 4.3x times more often in 2025.&nbsp;Despite the&nbsp;sharp&nbsp;growth, it moved a place down&nbsp;and gave way to&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/lumma\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Lumma<\/strong><\/a>, this year\u2019s leader, which&nbsp;grew&nbsp;from 12K to 31K+&nbsp;detections.&nbsp;<\/p>\n\n\n\n<p>Third and fourth places are taken by&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/asyncrat\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>AsyncRAT<\/strong><\/a><strong>&nbsp;<\/strong>and&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/remcos\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Remcos<\/strong><\/a>: both&nbsp;doubled in activity and were detected&nbsp;roughly 16K&nbsp;times.&nbsp;<\/p>\n\n\n\n<p>A notable 3x growth in activity is seen in&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/snakekeylogger\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Snake<\/strong><\/a><strong>&nbsp;<\/strong>threats, which occupied sixth place with 13,556 total detections.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/malware-trends\/quasar\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Quasar<\/strong><\/a><strong>&nbsp;<\/strong>and&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/vidar\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Vidar<\/strong><\/a><strong>&nbsp;<\/strong>families&nbsp;newly&nbsp;entered&nbsp;the top list, signaling renewed&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/rat\/\" target=\"_blank\" rel=\"noreferrer noopener\">RAT<\/a>&nbsp;and stealer diversification.&nbsp;<\/p>\n\n\n\n<p>You can browse Threat Intelligence Lookup for further insights into threats relevant&nbsp;for&nbsp;you&nbsp;country or industry. For that, use requests like:&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/intelligence.any.run\/analysis\/lookup#?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_25&amp;utm_term=190126&amp;utm_content=linktolookup\/%257B%2522query%2522:%2522threatName:%255C%2522xworm%255C%2522%2520AND%2520industry:%255C%2522Finance%255C%2522%2522,%2522dateRange%2522:180%257D%20\" target=\"_blank\" rel=\"noreferrer noopener\">threatName:&#8221;xworm&#8221; AND&nbsp;industry:&#8221;Finance&#8221;<\/a>&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"483\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-1024x483.png\" alt=\"\" class=\"wp-image-17802\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-1024x483.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-300x142.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-768x362.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-1536x725.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-2048x966.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-370x175.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-270x127.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/xwormfinance-740x349.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Lookup sharing info on\u00a0XWorm\u00a0threats relevant for finance companies\u00a0<\/em>\u00a0\u00a0<\/figcaption><\/figure><\/div>\n\n\n<p>SOC teams can use these insights from a&nbsp;searchable indicator databases&nbsp;with IOCs, IOAs, and IOBs to:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Build\u00a0Proactive\u00a0Defense:\u00a0<\/strong>Actionable threat intelligence drives targeted and insightful research for staying ahead.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ensure\u00a0Rapid\u00a0Triage and\u00a0Response:\u00a0<\/strong>Instant enrichment of indicators with behavioral context makes for fast and smart decisions.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Optimize\u00a0Workload:\u00a0<\/strong>Rich threat data empowers Tier 1 analysts to work sustainably, reducing escalations to Tier 2.\u00a0<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\nInstant access to fresh threat data\u00a0\n\n<\/span>\u00a0\n<br><span class=\"highlight\">Streamline threat hunting<\/span> with TI Lookup\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/plans-ti\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=malware_trends_25&#038;utm_term=190126&#038;utm_content=linktoplans#contact-sales\" target=\"_blank\" rel=\"noopener\">\nGet started\u00a0\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Phishing Threats&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-1024x538.png\" alt=\"\" class=\"wp-image-17803\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-1024x538.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-300x158.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-768x403.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-1536x806.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-2048x1075.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-370x194.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-270x142.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Phishing-activity-2025-740x389.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Phishing activity 2025<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Phishing APTs&nbsp;<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-271\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"6\"\n           data-wpID=\"271\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Actor\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Total Detections\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Storm-1747\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        92,147\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA569\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        11,012\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Storm-1575\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1,539\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA558\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        720\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        TA582\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        315\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-271'>\ntable#wpdtSimpleTable-271{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-271 td, table.wpdtSimpleTable271 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p>Phishing&nbsp;remained&nbsp;a key&nbsp;initial&nbsp;infection and credential-harvesting method&nbsp;<br>throughout 2025. In ANY.RUN\u2019s Interactive Sandbox,&nbsp;phishing-related activity&nbsp;was detected 541,225 times.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Among key APT groups,\u00a0<strong>Storm-1747 d<\/strong>ominated the list\u00a0consistently\u00a0from Q1 through\u00a0Q4, accounting for\u00a0a total of 92,147 detections.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u00a0<strong>TA569\u00a0<\/strong>held\u00a0second position from\u00a0quarter\u00a0to\u00a0quarter\u00a0as well, with 11K detections overall.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>The dominance&nbsp;of these actors&nbsp;over the months highlights the superiority of these groups on the threat&nbsp;landscape, which allows them to take up a disproportionately large&nbsp;share&nbsp;of phishing operations.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The year\u2019s top three is concluded by&nbsp;<strong>Storm-1575&nbsp;<\/strong>with&nbsp;significantly&nbsp;fewer detections than the&nbsp;chart\u2019s&nbsp;leaders,&nbsp;emphasizing the gap between the leading actors and other groups.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Phishing Kits&nbsp;<\/h3>\n\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-272\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"6\"\n           data-wpID=\"272\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Kit\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Total Detections\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Tycoon2FA\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        107,125\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        EvilProxy\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        37,524\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Sneaky2FA\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        15,546\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Mamba2FA\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        13,582\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        WikiKit\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5,132\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-272'>\ntable#wpdtSimpleTable-272{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-272 td, table.wpdtSimpleTable272 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p><a href=\"https:\/\/any.run\/malware-trends\/tycoon\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Tycoon2FA<\/strong><\/a><strong>&nbsp;<\/strong>and&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/evilproxy\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>EvilProxy<\/strong><\/a><strong>&nbsp;<\/strong>reigned among most detected phishing kits throughout the year. Their total number of detections: 107,125 and 37,524 respectively,&nbsp;underscoring&nbsp;a&nbsp;clear dominance of&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/phishkit-attacks-101\/\" target=\"_blank\" rel=\"noreferrer noopener\">phishing-as-a-service<\/a>&nbsp;(PhaaS) platforms capable of bypassing multi-factor authentication at scale.&nbsp;<\/p>\n\n\n\n<p>Third place is&nbsp;taken&nbsp;by&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/sneaky2fa\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Sneaky2FA<\/strong><\/a>, another threat that&nbsp;has&nbsp;shown&nbsp;steady growth&nbsp;from quarter to quarter, reflecting focus on session hijacking and interception of credentials in real time.&nbsp;<\/p>\n\n\n\n<p>The top five in 2025&nbsp;phishing threats&nbsp;is&nbsp;rounded&nbsp;out&nbsp;by&nbsp;<a href=\"https:\/\/any.run\/malware-trends\/mamba\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Mamba2FA<\/strong><\/a><strong>&nbsp;<\/strong>and&nbsp;<strong>WikiKit,&nbsp;<\/strong>with&nbsp;roughly 13.5K and 5K total&nbsp;detections&nbsp;respectively.&nbsp;<\/p>\n\n\n\n<p>These&nbsp;figures&nbsp;prove&nbsp;that phishing has evolved into a&nbsp;large-scale threat&nbsp;built around&nbsp;MFA&nbsp;abuse, modular tooling, and reusable infrastructures.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"656\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-1024x656.png\" alt=\"\" class=\"wp-image-17804\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-1024x656.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-300x192.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-768x492.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-1536x984.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-370x237.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-270x173.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1-740x474.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/TI-Feeds-1920-v1-2048x1312-1.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Live threat intelligence\u00a0impacts\u00a0the key performance metrics\u00a0<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>You can ensure&nbsp;eraly&nbsp;threat detection of phishing&nbsp;threats like Tycoon2FA,&nbsp;EvilProxy, and more&nbsp;with&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_25&amp;utm_term=190126&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>&nbsp;delivering 99% unique threat data directly into&nbsp;your SIEM and other security solutions.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Refine Detection and Response:\u00a0<\/strong>Indicators like IPs, URLs, and domains are enriched\u00a0with\u00a0threat context, making it possible to power your SOC for proactive defense.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mitigate Breach Risks:\u00a0<\/strong>15,000 companies contribute to TI Feeds data in real time, instantly expanding your threat coverage and visibility to\u00a0helps\u00a0you stay ahead.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>3x Performance Rates:<\/strong>\u00a0Filtered, noise-free indicators safely delivered via STIX\/TAXII\u00a0beat alert fatigue and enforce\u00a0early detection.\u00a0<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"530\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-1024x530.png\" alt=\"\" class=\"wp-image-17807\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-1024x530.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-300x155.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-768x398.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-1536x795.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-370x192.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-270x140.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1-740x383.png 740w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/image2-5-2048x1060-1.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>TI Feeds provides fresh data from 15,000 organizations<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n99% unique threat intel for your SOC<br><span class=\"highlight\">Catch attacks early<\/span>\u00a0to protect your business\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=malware_trends_25&#038;utm_term=190126&#038;utm_content=linktotifeedslanding#contact-sales\" target=\"_blank\" rel=\"noopener\">\nIntegrate TI Feeds\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h3 class=\"wp-block-heading\">Protectors\/Packers&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-1024x538.png\" alt=\"\" class=\"wp-image-17805\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-1024x538.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-300x158.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-768x403.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-1536x806.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-2048x1075.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-370x194.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-270x142.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Protectors-and-Packers-2025-1-740x389.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Top protectors and packers 2025<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-274\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"2\"\n           data-rows=\"6\"\n           data-wpID=\"274\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Packer\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:50%;                    padding:10px;\n                    \"\n                    >\n                                        Total Detections\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        UPX\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        45,251\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        NETReactor\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        24,825\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Themida\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        16,487\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        ASPack\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        8,369\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Confuser\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5,441\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-274'>\ntable#wpdtSimpleTable-274{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-274 td, table.wpdtSimpleTable274 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p>The list of&nbsp;top&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/packers-and-crypters-in-malware\/\" target=\"_blank\" rel=\"noreferrer noopener\">protectors and packers<\/a>&nbsp;used&nbsp;by attackers during 2025&nbsp;remained mostly stable throughout the year, reflecting continued reliance on&nbsp;established&nbsp;obfuscation tools.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The ultimate leader is\u00a0<strong>UPX\u00a0<\/strong>with a significant\u00a0gap\u00a0from other packers\u00a0secured by 45K+ detections.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It\u2019s\u00a0followed by\u00a0<strong>NETReactor\u00a0<\/strong>with 24K+ detections and\u00a0<a href=\"https:\/\/any.run\/cybersecurity-blog\/vmprotect-themida-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Themida<\/strong><\/a><strong>\u00a0<\/strong>with 16K+, both\u00a0commonly\u00a0leveraged\u00a0to protect commodity malware and evade static analysis.\u00a0<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">TOP TTPs&nbsp;<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-1024x538.png\" alt=\"\" class=\"wp-image-17806\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-1024x538.png 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-300x158.png 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-768x403.png 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-1536x806.png 1536w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-2048x1075.png 2048w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-370x194.png 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-270x142.png 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/Mitre-techniques-2025-740x389.png 740w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Top MITRE ATT&amp;CK TTPs 2025<\/em>\u00a0<\/figcaption><\/figure><\/div>\n\n\n<div class=\"wpdt-c row wpDataTableContainerSimpleTable wpDataTables wpDataTablesWrapper\n\"\n    >\n        <table id=\"wpdtSimpleTable-273\"\n           style=\"border-collapse:collapse;\n                   border-spacing:0px;\"\n           class=\"wpdtSimpleTable wpDataTable\"\n           data-column=\"4\"\n           data-rows=\"11\"\n           data-wpID=\"273\"\n           data-responsive=\"0\"\n           data-has-header=\"1\">\n\n                    <thead>        <tr class=\"wpdt-cell-row \" >\n                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"A1\"\n                    data-col-index=\"0\"\n                    data-row-index=\"0\"\n                    style=\" width:25%;                    padding:10px;\n                    \"\n                    >\n                                        Rank\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"B1\"\n                    data-col-index=\"1\"\n                    data-row-index=\"0\"\n                    style=\" width:25%;                    padding:10px;\n                    \"\n                    >\n                                        TTP ID\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"C1\"\n                    data-col-index=\"2\"\n                    data-row-index=\"0\"\n                    style=\" width:25%;                    padding:10px;\n                    \"\n                    >\n                                        Name\u00a0                    <\/th>\n                                                <th class=\"wpdt-cell wpdt-bold\"\n                                            data-cell-id=\"D1\"\n                    data-col-index=\"3\"\n                    data-row-index=\"0\"\n                    style=\" width:25%;                    padding:10px;\n                    \"\n                    >\n                                        Total Detections\u00a0                    <\/th>\n                                        <\/tr>\n                    <tbody>        <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A2\"\n                    data-col-index=\"0\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B2\"\n                    data-col-index=\"1\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1553.004\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C2\"\n                    data-col-index=\"2\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Subvert Trust Controls: Install Root Certificate\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D2\"\n                    data-col-index=\"3\"\n                    data-row-index=\"1\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        385,915\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A3\"\n                    data-col-index=\"0\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        2\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B3\"\n                    data-col-index=\"1\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1036.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C3\"\n                    data-col-index=\"2\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Masquerading: Rename Legitimate Utilities\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D3\"\n                    data-col-index=\"3\"\n                    data-row-index=\"2\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        304,926\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A4\"\n                    data-col-index=\"0\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        3\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B4\"\n                    data-col-index=\"1\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1059.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C4\"\n                    data-col-index=\"2\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: Windows Command Shell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D4\"\n                    data-col-index=\"3\"\n                    data-row-index=\"3\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        257,253\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A5\"\n                    data-col-index=\"0\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        4\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B5\"\n                    data-col-index=\"1\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1497.003\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C5\"\n                    data-col-index=\"2\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Virtualization\/Sandbox Evasion: Time Based Checks\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D5\"\n                    data-col-index=\"3\"\n                    data-row-index=\"4\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        255,303\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A6\"\n                    data-col-index=\"0\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        5\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B6\"\n                    data-col-index=\"1\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1059.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C6\"\n                    data-col-index=\"2\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Command and Scripting Interpreter: PowerShell\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D6\"\n                    data-col-index=\"3\"\n                    data-row-index=\"5\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        235,402\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A7\"\n                    data-col-index=\"0\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        6\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B7\"\n                    data-col-index=\"1\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1547.001\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C7\"\n                    data-col-index=\"2\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Boot or Logon\u00a0Autostart\u00a0Execution: Registry Run Keys \/ Startup Folder\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D7\"\n                    data-col-index=\"3\"\n                    data-row-index=\"6\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        172,330\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A8\"\n                    data-col-index=\"0\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        7\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B8\"\n                    data-col-index=\"1\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1053.005\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C8\"\n                    data-col-index=\"2\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Scheduled Task\/Job: Scheduled Task\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D8\"\n                    data-col-index=\"3\"\n                    data-row-index=\"7\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        158,154\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A9\"\n                    data-col-index=\"0\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        8\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B9\"\n                    data-col-index=\"1\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1569.002\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C9\"\n                    data-col-index=\"2\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        System Services: Service Execution\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D9\"\n                    data-col-index=\"3\"\n                    data-row-index=\"8\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        111,354\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A10\"\n                    data-col-index=\"0\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        9\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B10\"\n                    data-col-index=\"1\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1036.005\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C10\"\n                    data-col-index=\"2\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        Masquerading: Match Legitimate Name or Location\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D10\"\n                    data-col-index=\"3\"\n                    data-row-index=\"9\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        108,328\u00a0                    <\/td>\n                                        <\/tr>\n                            <tr class=\"wpdt-cell-row \" >\n                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"A11\"\n                    data-col-index=\"0\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        10\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"B11\"\n                    data-col-index=\"1\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        1218.011\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"C11\"\n                    data-col-index=\"2\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        System Binary Proxy Execution: Rundll32\u00a0                    <\/td>\n                                                <td class=\"wpdt-cell \"\n                                            data-cell-id=\"D11\"\n                    data-col-index=\"3\"\n                    data-row-index=\"10\"\n                    style=\"                    padding:10px;\n                    \"\n                    >\n                                        72,162\u00a0                    <\/td>\n                                        <\/tr>\n                    <\/table>\n<\/div><style id='wpdt-custom-style-273'>\ntable#wpdtSimpleTable-273{ table-layout: fixed !important; }\ntable#wpdtSimpleTable-273 td, table.wpdtSimpleTable273 th { white-space: normal !important; }\n<\/style>\n\n\n\n\n<p>Among&nbsp;<a href=\"https:\/\/any.run\/cybersecurity-blog\/malware-ttps-explained\/\" target=\"_blank\" rel=\"noreferrer noopener\">widespread TTPs<\/a>,&nbsp;a new&nbsp;2025 leader is&nbsp;<strong>T1553.004&nbsp;\u2013&nbsp;Subvert Trust Controls: Install Root Certificate<\/strong>&nbsp;with 385K+ detections. This technique&nbsp;didn\u2019t&nbsp;appear&nbsp;on the list a year before, signaling a shift toward TLS&nbsp;interception, traffic inspection, and deep trust abuse.&nbsp;<\/p>\n\n\n\n<p>Second place is&nbsp;taken&nbsp;by&nbsp;<strong>T1036.003&nbsp;\u2013&nbsp;Masquerading: Rename Legitimate Utilities<\/strong>. This TTP moved two places up with a<strong>&nbsp;2.4x&nbsp;<\/strong>growth in total detections.&nbsp;<\/p>\n\n\n\n<p>Other&nbsp;recurring TTPs like&nbsp;<strong>T1059.003&nbsp;\u2013&nbsp;Command and Scripting Interpreter: Windows Command Shell&nbsp;<\/strong>and&nbsp;<strong>T1497.003 \u2013&nbsp;Virtualization\/Sandbox Evasion: Time-Based Checks<\/strong>&nbsp;&nbsp;<br>also&nbsp;experienced&nbsp;drastic increases&nbsp;in activity, confirming a rise in evasive behavior and the use of&nbsp;reliable execution methods, especially in phishing-delivered malware.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Security Insights for Businesses in 2026&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Credential theft\u00a0remains\u00a0the primary risk:<\/strong>\u00a0Stealers and RATs tripled year over year, making identity compromise the fastest path to enterprise intrusion.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Phishing is now an access operation, not a one-off attack:\u00a0<\/strong>MFA-bypassing\u00a0PhaaS\u00a0kits enable scalable, repeatable breaches targeting employees at all levels.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Persistence outweighs speed:\u00a0<\/strong>Growth in backdoors, scheduled tasks, and\u00a0autostart\u00a0techniques shows attackers prioritize long-term access over quick impact.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Trust abuse is a top concern:\u00a0<\/strong>Root certificate installation\u00a0emerged\u00a0as the most detected technique, enabling traffic interception and stealthy control.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fewer actors, greater impact:\u00a0<\/strong>A small number of mature threat groups drove a disproportionate share of phishing and malware activity.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Behavioral visibility is critical:\u00a0<\/strong>The scale and sophistication of 2025 threats highlight the need for interactive analysis and fresh threat intelligence in 2026.\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">ANY.RUN: Integrated Detection Accelerates SOC Performance&nbsp;<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"522\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-1024x522.jpeg\" alt=\"\" class=\"wp-image-17790\" style=\"width:649px;height:auto\" srcset=\"\/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-1024x522.jpeg 1024w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-300x153.jpeg 300w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-768x392.jpeg 768w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-370x189.jpeg 370w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-270x138.jpeg 270w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1-740x378.jpeg 740w, \/cybersecurity-blog\/wp-content\/uploads\/2026\/01\/imageinfolarge-1.jpeg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>ANY.RUN brings business impact through unified workflow\u00a0\u00a0<\/em><\/figcaption><\/figure><\/div>\n\n\n<p>Understanding what happened is the first step to knowing what to do next. This report is built on threat intelligence gathered from millions of real investigations conducted by 15,000+ SOC teams worldwide throughout 2025.&nbsp;For actionable insights, high-quality threat data, and in-depth, dynamic analysis available in your security system 24\/7,&nbsp;integrate ANY.RUN:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scalable Efficiency:<\/strong> Save time and\u00a0resouces\u00a0on manual triage and\u00a0unneccessary\u00a0escalations with analysts focused on\u00a0high-impact\u00a0work.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Risk Mitigation: <\/strong>SOC teams expose evasive threats in minutes, gaining real-time behavioral visibility\u00a0investigate\u00a0faster.\u00a0<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Smart Response:<\/strong>\u00a0Each investigation is enriched with historical context from millions of prior analyses, delivering broader coverage and significantly more actionable indicators.\u00a0<\/li>\n<\/ul>\n\n\n\n<!-- Regular Banner START -->\n<div class=\"regular-banner\">\n<!-- Text Content -->\n<p class=\"regular-banner__text\">\n<span class=\"highlight\">Make your business\u00a0attack-ready<\/span>\u00a0<br>\nDetect 90% of threats in under 60 seconds with ANY.RUN\n<\/p>\n<!-- CTA Link -->\n<a class=\"regular-banner__link\" id=\"article-banner-regular\" href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&#038;utm_medium=article&#038;utm_campaign=malware_trends_25&#038;utm_term=190126&#038;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noopener\">\nRequest access\n<\/a>\n<\/div>\n<!-- Regular Banner END -->\n<!-- Regular Banner Styles START -->\n\n<style>\n.regular-banner {\ndisplay: flex;\ntext-align: center;\nflex-direction: column;\nalign-items: center;\ngap: 1.5rem;\nwidth: 100%;\npadding: 2rem;\nmargin: 1.5rem 0;\nborder-radius: 0.5rem;\nfont-family: 'Catamaran Bold';\nmargin-inline: auto;\nbackground: rgba(32, 168, 241, 0.1);\nborder: 1px solid rgba(75, 174, 227, 0.32);\n}\n\n.regular-banner__text {\nfont-size: 1.5rem;\nmargin: 0;\n}\n\n.highlight {\ncolor: #ea2526;\n}\n\n.regular-banner__link {\npadding: 0.5rem 1.5rem;\nfont-weight: 500;\ntext-decoration: none;\nborder-radius: 0.5rem;\ncolor: #FFFFFF;\nbackground-color: #1491D4;\ntext-align: center;\ntransition: all 0.2s ease-in;\n}\n\n.regular-banner__link:hover {\nbackground-color: #68CBFF;\ncolor: white;\n}\n<\/style>\n<!-- Regular Banner Styles END -->\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion&nbsp;<\/h2>\n\n\n\n<p>Overall, 2025 was marked by&nbsp;strong growth&nbsp;in investigation&nbsp;activity, increased malware sophistication, and a clear shift toward persistence, evasion, and trust abuse&nbsp;among threat actors, underscoring the need for continuous monitoring and proactive threat analysis.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About ANY.RUN&nbsp;<\/h2>\n\n\n\n<p>ANY.RUN builds advanced solutions for malware analysis and threat hunting. Its interactive\u00a0<a href=\"https:\/\/any.run\/features\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_25&amp;utm_term=190126&amp;utm_content=linktosandboxanding\" target=\"_blank\" rel=\"noreferrer noopener\">malware analysis sandbox<\/a>\u00a0is trusted by 600,000+ cybersecurity professionals worldwide, enabling hands-on investigation of threats targeting Windows, Linux, and Android environments with real-time behavioral visibility.\u00a0<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/threat-intelligence-lookup\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_25&amp;utm_term=190126&amp;utm_content=linktotilookuplanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Lookup<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/any.run\/threat-intelligence-feeds\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_25&amp;utm_term=190126&amp;utm_content=linktotifeedslanding\" target=\"_blank\" rel=\"noreferrer noopener\">Threat Intelligence Feeds<\/a>&nbsp;help security teams quickly&nbsp;identify&nbsp;indicators of compromise, enrich alerts with context, and investigate incidents at&nbsp;early stages. This empowers analysts to gain actionable insights, uncover stealthy threats, and strengthen their overall security posture.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/any.run\/enterprise\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=malware_trends_25&amp;utm_term=190126&amp;utm_content=linktoenterprise#contact-sales\" target=\"_blank\" rel=\"noreferrer noopener\">Request ANY.RUN access for your company<\/a>\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions (FAQ)&nbsp;<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1768890295888\"><strong class=\"schema-faq-question\">What is the Malware Trends Report 2025?\u00a0<\/strong> <p class=\"schema-faq-answer\">It is ANY.RUN\u2019s annual analysis of global malware activity in 2025, based on millions of sandbox investigations and billions of collected indicators.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768890303009\"><strong class=\"schema-faq-question\">What data is this report based on?\u00a0<\/strong> <p class=\"schema-faq-answer\">The report is derived from activity in ANY.RUN\u2019s Interactive Sandbox, reflecting real-world investigations conducted by security teams, researchers, and SOCs worldwide.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768890308177\"><strong class=\"schema-faq-question\">What were the most important threats in 2025?\u00a0<\/strong> <p class=\"schema-faq-answer\">Stealers, RATs, and phishing campaigns\u2014especially those using MFA-bypassing phishing kits\u2014were the most prevalent and impactful threats.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768890313559\"><strong class=\"schema-faq-question\">Why is phishing such a major concern for enterprises?\u00a0<\/strong> <p class=\"schema-faq-answer\">Phishing evolved into a scalable access mechanism in 2025, enabling attackers to bypass MFA, harvest sessions, and gain persistent access to corporate environments.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768890321129\"><strong class=\"schema-faq-question\">How did attacker techniques change in 2025?\u00a0<\/strong> <p class=\"schema-faq-answer\">Attackers increasingly relied on stealth, persistence, and trust abuse, including masquerading, sandbox evasion, and root certificate installation.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768890326263\"><strong class=\"schema-faq-question\">What does this mean for organizations in 2026?\u00a0<\/strong> <p class=\"schema-faq-answer\">Enterprises should prioritize behavioral detection, continuous monitoring, and fresh threat intelligence to detect evasive and persistent threats early.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1768890335357\"><strong class=\"schema-faq-question\">How can ANY.RUN help security teams respond to these threats?\u00a0<\/strong> <p class=\"schema-faq-answer\">ANY.RUN\u2019s Interactive Sandbox and threat intelligence solutions enable hands-on analysis, early detection, and faster response to modern, evasive attacks.\u00a0<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Summarizing&nbsp;the&nbsp;past year\u2019s threat&nbsp;landscape based on activity&nbsp;observed&nbsp;in&nbsp;ANY.RUN\u2019s Interactive Sandbox,&nbsp;this annual&nbsp;report&nbsp;provides insights into&nbsp;the&nbsp;most detected&nbsp;malware&nbsp;types, families, TTPs, and phishing threats of 2025.&nbsp; For&nbsp;additional&nbsp;insights, view ANY.RUN\u2019s&nbsp;quarterly malware trends&nbsp;reports.&nbsp;&nbsp; Key Takeaways&nbsp; Summary&nbsp; In 2025, ANY.RUN&nbsp;experienced&nbsp;significant&nbsp;growth&nbsp;alongside a rise&nbsp;in malicious activity.&nbsp;The numbers&nbsp;reflect&nbsp;a&nbsp;substantial growth&nbsp;of deep&nbsp;investigations and&nbsp;the&nbsp;detections of evasive threats&nbsp;facilitated&nbsp;by Interactive Sandbox:&nbsp; As investigation volume and behavioral visibility increase,&nbsp;15K+&nbsp;security teams gain earlier detection, richer [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":17817,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[80],"tags":[57,10,40],"class_list":["post-17780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reports","tag-anyrun","tag-cybersecurity","tag-malware-behavior"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Malware Trends Report 2025: Core Business Security Risks<\/title>\n<meta name=\"description\" content=\"Discover malware\u00a0trends\u00a0of\u00a02025: key threats, phishing kits, TTPs, and malware families revealed from 6.8M ANY.RUN sandbox analyses.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"ANY.RUN\",\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"headline\": \"Malware Trends Report 2025: New Security Risks for Businesses in 2026\",\n\t            \"datePublished\": \"2026-01-20T08:00:04+00:00\",\n\t            \"dateModified\": \"2026-01-21T09:13:31+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/\"\n\t            },\n\t            \"wordCount\": 2110,\n\t            \"commentCount\": 0,\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"keywords\": [\n\t                \"ANYRUN\",\n\t                \"cybersecurity\",\n\t                \"malware behavior\"\n\t            ],\n\t            \"articleSection\": [\n\t                \"Reports\"\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"CommentAction\",\n\t                    \"name\": \"Comment\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#respond\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": [\n\t                \"WebPage\",\n\t                \"FAQPage\"\n\t            ],\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/\",\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/\",\n\t            \"name\": \"Malware Trends Report 2025: Core Business Security Risks\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"datePublished\": \"2026-01-20T08:00:04+00:00\",\n\t            \"dateModified\": \"2026-01-21T09:13:31+00:00\",\n\t            \"description\": \"Discover malware\u00a0trends\u00a0of\u00a02025: key threats, phishing kits, TTPs, and malware families revealed from 6.8M ANY.RUN sandbox analyses.\u00a0\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#breadcrumb\"\n\t            },\n\t            \"mainEntity\": [\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890295888\"\n\t                },\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890303009\"\n\t                },\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890308177\"\n\t                },\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890313559\"\n\t                },\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890321129\"\n\t                },\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890326263\"\n\t                },\n\t                {\n\t                    \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890335357\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Reports\",\n\t                    \"item\": \"https:\/\/any.run\/cybersecurity-blog\/category\/reports\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 3,\n\t                    \"name\": \"Malware Trends Report 2025: New Security Risks for Businesses in 2026\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN&#039;s Cybersecurity Blog\",\n\t            \"description\": \"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\n\t            \"publisher\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"https:\/\/any.run\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"url\": \"https:\/\/any.run\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"contentUrl\": \"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\n\t                \"width\": 1,\n\t                \"height\": 1,\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"https:\/\/any.run\/\"\n\t            },\n\t            \"sameAs\": [\n\t                \"https:\/\/www.facebook.com\/www.any.run\/\",\n\t                \"https:\/\/twitter.com\/anyrun_app\",\n\t                \"https:\/\/www.linkedin.com\/company\/30692044\",\n\t                \"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"https:\/\/any.run\/\",\n\t            \"name\": \"ANY.RUN\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"https:\/\/any.run\/\",\n\t                \"url\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\n\t                \"caption\": \"ANY.RUN\"\n\t            },\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890295888\",\n\t            \"position\": 1,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890295888\",\n\t            \"name\": \"What is the Malware Trends Report 2025?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"It is ANY.RUN\u2019s annual analysis of global malware activity in 2025, based on millions of sandbox investigations and billions of collected indicators.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890303009\",\n\t            \"position\": 2,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890303009\",\n\t            \"name\": \"What data is this report based on?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"The report is derived from activity in ANY.RUN\u2019s Interactive Sandbox, reflecting real-world investigations conducted by security teams, researchers, and SOCs worldwide.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890308177\",\n\t            \"position\": 3,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890308177\",\n\t            \"name\": \"What were the most important threats in 2025?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"Stealers, RATs, and phishing campaigns\u2014especially those using MFA-bypassing phishing kits\u2014were the most prevalent and impactful threats.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890313559\",\n\t            \"position\": 4,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890313559\",\n\t            \"name\": \"Why is phishing such a major concern for enterprises?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"Phishing evolved into a scalable access mechanism in 2025, enabling attackers to bypass MFA, harvest sessions, and gain persistent access to corporate environments.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890321129\",\n\t            \"position\": 5,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890321129\",\n\t            \"name\": \"How did attacker techniques change in 2025?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"Attackers increasingly relied on stealth, persistence, and trust abuse, including masquerading, sandbox evasion, and root certificate installation.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890326263\",\n\t            \"position\": 6,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890326263\",\n\t            \"name\": \"What does this mean for organizations in 2026?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"Enterprises should prioritize behavioral detection, continuous monitoring, and fresh threat intelligence to detect evasive and persistent threats early.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Question\",\n\t            \"@id\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890335357\",\n\t            \"position\": 7,\n\t            \"url\": \"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890335357\",\n\t            \"name\": \"How can ANY.RUN help security teams respond to these threats?\u00a0\",\n\t            \"answerCount\": 1,\n\t            \"acceptedAnswer\": {\n\t                \"@type\": \"Answer\",\n\t                \"text\": \"ANY.RUN\u2019s Interactive Sandbox and threat intelligence solutions enable hands-on analysis, early detection, and faster response to modern, evasive attacks.\u00a0\",\n\t                \"inLanguage\": \"en-US\"\n\t            },\n\t            \"inLanguage\": \"en-US\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Malware Trends Report 2025: Core Business Security Risks","description":"Discover malware\u00a0trends\u00a0of\u00a02025: key threats, phishing kits, TTPs, and malware families revealed from 6.8M ANY.RUN sandbox analyses.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"Malware Trends Report 2025: New Security Risks for Businesses in 2026","datePublished":"2026-01-20T08:00:04+00:00","dateModified":"2026-01-21T09:13:31+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/"},"wordCount":2110,"commentCount":0,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["ANYRUN","cybersecurity","malware behavior"],"articleSection":["Reports"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#respond"]}]},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/","url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/","name":"Malware Trends Report 2025: Core Business Security Risks","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2026-01-20T08:00:04+00:00","dateModified":"2026-01-21T09:13:31+00:00","description":"Discover malware\u00a0trends\u00a0of\u00a02025: key threats, phishing kits, TTPs, and malware families revealed from 6.8M ANY.RUN sandbox analyses.\u00a0","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890295888"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890303009"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890308177"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890313559"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890321129"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890326263"},{"@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890335357"}],"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Reports","item":"https:\/\/any.run\/cybersecurity-blog\/category\/reports\/"},{"@type":"ListItem","position":3,"name":"Malware Trends Report 2025: New Security Risks for Businesses in 2026"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890295888","position":1,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890295888","name":"What is the Malware Trends Report 2025?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"It is ANY.RUN\u2019s annual analysis of global malware activity in 2025, based on millions of sandbox investigations and billions of collected indicators.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890303009","position":2,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890303009","name":"What data is this report based on?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The report is derived from activity in ANY.RUN\u2019s Interactive Sandbox, reflecting real-world investigations conducted by security teams, researchers, and SOCs worldwide.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890308177","position":3,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890308177","name":"What were the most important threats in 2025?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Stealers, RATs, and phishing campaigns\u2014especially those using MFA-bypassing phishing kits\u2014were the most prevalent and impactful threats.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890313559","position":4,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890313559","name":"Why is phishing such a major concern for enterprises?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Phishing evolved into a scalable access mechanism in 2025, enabling attackers to bypass MFA, harvest sessions, and gain persistent access to corporate environments.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890321129","position":5,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890321129","name":"How did attacker techniques change in 2025?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Attackers increasingly relied on stealth, persistence, and trust abuse, including masquerading, sandbox evasion, and root certificate installation.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890326263","position":6,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890326263","name":"What does this mean for organizations in 2026?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Enterprises should prioritize behavioral detection, continuous monitoring, and fresh threat intelligence to detect evasive and persistent threats early.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"},{"@type":"Question","@id":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890335357","position":7,"url":"https:\/\/any.run\/cybersecurity-blog\/malware-trends-2025\/#faq-question-1768890335357","name":"How can ANY.RUN help security teams respond to these threats?\u00a0","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"ANY.RUN\u2019s Interactive Sandbox and threat intelligence solutions enable hands-on analysis, early detection, and faster response to modern, evasive attacks.\u00a0","inLanguage":"en-US"},"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17780"}],"collection":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=17780"}],"version-history":[{"count":40,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17780\/revisions"}],"predecessor-version":[{"id":17851,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/17780\/revisions\/17851"}],"wp:featuredmedia":[{"embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/17817"}],"wp:attachment":[{"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=17780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=17780"},{"taxonomy":"post_tag","embeddable":true,"href":"\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=17780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}