See if your information has been exposed in a data breach with our latest free tool Check Now

Malware Statistics in 2022: The Evolving Cyber Threat

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Malware statistics in 2022 have demonstrated a serious financial loss for organisations and individuals. Malware, also known as a malicious software is designed to damage or disable computers and computer systems.

The malicious software can be spread in a number of ways, including email attachments, file sharing, and malicious websites. There are a variety of different types of malware, including viruses, Trojans, spyware, and adware. Malware can have a number of serious consequences for businesses, including data loss, system damage, and financial loss.

Cybercriminals often use malware to steal sensitive information or to extort money from businesses. It is important for CFOs and security professionals to be aware of malware and it’s several forms. Therefore, steps need to be in place to protect computers and networks safely. So, what do we know about malware in 2022? Keep reading to find the latest statistics.

Author’s Top Picks

  • 80% of malware has increased in new malicious software on Macs.
  • The top 5 countries affected by targeted malware attacks were the U.S., India, Japan, Taiwan, & Ukraine.
  • 49% of non-point-of-sale malware was installed via malicious email.
  • In 2020, 61% of organisations experienced malware activity that spread from one employee to another.
  • Trojans account for 64.31% of all malware attacks on Windows systems, followed by viruses at 15.52%.

Malware statistics

1. The number of new mobile malware variants increased by 54% in 2017.

Malware threats in the mobile space continue to grow year-over-year, with no end in sight. This is a trend that is only going to continue, as more and more people use their mobile devices for everything from banking to shopping to social media.

2. 80% of malware has increased in new malicious software on Macs.

Malware is a type of software designed to harm or disrupt computer systems. The malware problem has become increasingly serious for Mac users in recent years. Security incidents can lead to the disclosure of confidential information, financial loss, and legal liability.

3. According to a survey conducted by BitDefender from January to June 2009, "trojan-type malware is on the rise, accounting for 83% of the global malware detected in the world".

Trojan horse malware is a particularly insidious type of malware that masquerades as a benign program or file to access a computer system. Once it has gained entry, it can be used to damage systems, steal data, or allow someone else to take control.

4. BitDefender has stated that approximately 15% of computers are members of a botnet, usually recruited by trojan infection.

While Trojan horses are typically spread via email attachments or malicious websites, they can also be spread by worms. BitDefender, the anti-virus company, states that Trojan horses are becoming more common.

5. The top 5 countries affected by targeted malware attacks were the U.S., India, Japan, Taiwan, & Ukraine.

Malware statistics demonstrate that attacks are common and can spread from business to business. According to data, Norton reports that hundreds of organisations are hit with targeted attacks from a range of countries. The United States was the country most affected, totaling approximately 303 attacks between 2015 and 2017.

6. In 2000, a Trojan called ILOVEYOU became the most destructive cyberattack in history at the time, with damages estimated up to $8.7 billion.

All it takes for a Trojan to activate is a click of a button. The most destructive cyberattack occurred when recipients received an email with text attached “ILOVEYOU”. The malicious software was initiated when recipients opened the attachment, which caused script codes to be overwritten on every email in the user’s contact list.

7. In fact, Malwarebytes detects all known Trojans and more, since 80% of Trojan detection is done by heuristic analysis.

Adware and malware are a constant threat to computer users. While many free programs can detect and remove these malicious files, they can be difficult to spot.

8. An unprotected computer is likely to be attacked within an hour after connection to the Internet.

It is estimated that the average time between the exposure of a vulnerability and the creation of an exploit is 6.8 days. This means that an unprotected computer is likely to be attacked within an hour after being connected to the Internet.

9. Malware software is estimated to have infected over 3.6 million computers in the USA, including machines owned by NASA, Bank of America and the US Department of Transportation.

The Zeus/Zbot malware package is a client-server program with deployed instances calling back to their home base, the “Zeus Command & Control” centre. They are also considered to be one of the top malware in 2022.

The Zeus software allows hackers (and possibly others) to access your computer and loot its information. The estimated number of computers infected in America alone surpassed 3 million – including ones owned by NASA or Bank Of America as well as various departments within the Department of Transport.

Computer virus statistics

10. 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the WannaCry virus in 2017, at a total average cost of $4 billion.

On May 12, 2017, a massive ransomware attack known as WannaCry began spreading across the globe. Within hours, 100,000 groups in 150 countries had been infected, with a total of 400,000 machines impacted.

11. 49% of non-point-of-sale malware was installed via malicious email.

A computer virus is a type of malware that is designed to spread from one computer to another. One of the ways that businesses can be exposed to the computer virus is through email. It only takes one person to open an email attachment or click on a malicious link to unwittingly infect their computer.

12. Over the last year, Mac operating system malware increased by 165%.

Malware attacks can occur on any device such as mobile, computers or even printers. Even with Mac’s defensive systems in place in their operating systems, they are still being attacked with updated malicious software.

13. Recent computer virus stats show that 53% of viruses are spread by .exe files, with .pdf files only accounting for 6%.

This is largely due to .exe files can be automatically executed by many programs, whereas .pdf files require the user to take action to open them. As a result, it is important to be cautious when opening any type of file from an untrusted source.

14. More than 6000 new computer malware-viruses are created and released every month.

Computer viruses are a serious threat to businesses and CFOs. More than 6000 new viruses are created every day, and old ones are continually evolving to become more sophisticated and more difficult to detect.

15. Facebook will pay $500 to a person, who will find a vulnerability in its system.

To boost security, businesses often test their security systems to make sure they are defended against sophisticated targeted attacks. The social media giant Facebook is offering a hefty reward to anyone who can find a vulnerability in its system. In doing this, Facebook is hoping to encourage people to report any potential security risks before they can be exploited.

16. In 2020, 61% of organisations experienced malware activity that spread from one employee to another.

It has been reported that employees are now spreading malware to other workers through different means. This could be because phishing attacks have become more sophisticated, while at the same time working from home may bring about distractions that lead people to behave erratically online.

Trojan statistics

17. Trojans account for 64.31% of all malware attacks on Windows systems, followed by viruses at 15.52%.

Trojans known as Trojan Horse are malicious programs that disguise themselves as legitimate software to trick users into installing them.

18. In Q2 2021, Kaspersky products and technologies protected 97,451 users from trojan attacks.

Kaspersky’s products and technologies help to protect users from trojan attacks by detecting and blocking the malware before it can infect their system. With the number of trojan infections increasing, businesses and individuals must be cautious as infections are commonly spread through email attachments or infected websites.

19. The top 5 countries attacked by Trojans (malware) were Bangladesh, Ethiopia, China, Pakistan & Egypt.

According to Kaspersky, trojan attacks increased by 3.5 per cent in the past year. This malicious software has spread across the globe attacking locations like China, Bangladesh and more. No country is safe, therefore cybersecurity must be a number one priority.

20. There were more than 38,000 mobile banking Trojans detected last year.

A common objective for cybercriminals is to attain financial gains. Their strategy when attacking the financial industry is by using a Trojan horse to gain access to sensitive banking information. CFOs are hit hard when these attacks occur and can have a serious financial impact on the business.

21. Trojans account for 58% of malware attacks.

When it comes to malicious software, Trojans are the most common. Almost 6 to 10 pieces of computer malware fall into the Trojan horse category. They are also becoming more and more experienced in attacking different sectors of business.

22. In 2020, 70% of the 52% of attacks that went after financial institutions came from the Kryptik Trojan malware.

According to the Hub Security 2021 report, 70% of the 52% of attacks were Trojan malware. This attack targeted the Financial & Insurance sector.

23. More than 68,000 new ransomware Trojans for mobile were found in 2019.

Ransomware attacks and employees accessing sensitive information from their mobile devices pose a risk to company data. To protect company data, it is important to have resources available and to avoid paying ransom.

Spyware statistics

24. About 80% of all Internet users have their systems affected by spyware.

CFOs are under constant threat from cyber attacks. One of the vast majority and dangerous attacks is known as spyware. Spyware is one form of malware that is installed through email or a website on a CFO’s or employee’s computer without their knowledge.

25. Overall business detections of malware rose 79% from 2017 due to an increase in backdoors, miners, spyware, and information stealers.

From 2008 to 2019 malware infections saw a significant increase from 12.4 million to 812.67 million according to Purplesec. Viruses and infections are adapting to the modern business landscape with software types becoming smarter and harder to detect.

26. Small and medium-sized organisations have "major problems" with spyware - representing 40% of all security downtime costs.

CFOs in small and medium-sized organisations are all too familiar with the high cost of downtime caused by “malware” security breaches. A recent study found that malware now represents 40% of all security downtime costs across all industries – and the problem is only getting worse.

27. 86% of adults are unaware of stalkerware or have only heard the name, meaning only 14 per cent are familiar with spyware or creepware.

Stalkerware can be installed on a victim’s phone without their knowledge and used to track their movements, listen to their conversations, and even remotely activate the camera. Stalkerware can be used in offices to steal confidential information or gain access to critical data.

Organisations can prevent stalkerware from being stalled by installing security applications to scan for malware or stalkerware apps.

28. Malware and spyware present the highest cost damages for organisations, followed by data breaches.

When it comes to evaluating the true cost of digital fraud a combination of factors is involved. Other than the loss of data, disruption of business and reputational cost. Financial damages and impacted cash flow is hit hard on organisations and greatly impact CFOs.

Scareware statistics

29. In 2006, Microsoft and the Washington State Attorney sued an alleged spyware company.

Microsoft Corp. and the Washington state attorney general have filed lawsuits against anti-spyware software vendor ‘Secure Computer LLC’, claiming that their Spyware Cleaner product not only fails to remove spyware as advertised but also makes changes on your computer making the user more vulnerable.

30. More than 60 countries were affected to buy more than $100 million worth of scareware software.

Unfortunately, there are scammers and cybercriminals who try to get you into their fake antivirus software with a seemingly genuine security warning. Once installed, the software could compromise your computer giving the scammer access.

31. In 2010, the website of the Minneapolis Star Tribune newspaper was attacked by cybercriminals and managed to make $250,000 before being arrested.

The newspaper website Minneapolis Star Tribune had served ads that were created with malicious intent. This directed users to a fake website that had prompted them with a pop up informing them that they had been infected.

32. In March 2019, Office Depot and tech support, “” conducted a support scam.

The Office Deport and its tech support vendor agreed to pay for a settlement worth $35 million due to deceiving customers into downloading a free PC Health Check Program. In this case, there was no malicious intent. However, it was used to drive sales of the tech support vendor while the software did not operate with full functionality.

33. ChronoPay, a Netherlands-based company that was once hailed as Russia’s largest online payment processor, was tied to various scareware schemes.

According to a report by Krebs on Security, ChronoPay, an internet payment service provider, was exposed by owning scareware companies and had paid for their domain names and other operations. The leaked records also depict how vigilant ChronoPay had worked in order to sustain these unethical work ties.

Worm statistics

34. Computer Worms Infected 10% of the Internet.

In the late 1980s, the “Morris Worm” was notably a notorious computer worm that had infected 1 in 10 internet-connected computers at the time. Thousands of other worms have since emerged, though none have compared to the Morris worm in terms of infectability.

35. Conficker, a 2008 worm, infected millions of computers and created vast botnets.

Bot worms are designed to turn computers into zombies or bots, which can be used in coordinated DDoS attacks through botnets. Conficker infected millions of internet users and created vast pools for malicious purposes with its 2008 worm outbreak.

Similar to computer viruses, bot worms are malware infections that are capable of duplicating themselves and spreading between computers. This can be very troublesome to organisations as a typical bot attack can last up to weeks or months.

36. Computer worms have caused billions of dollars in damage over the past decade.

The Stuxnet computer worm was discovered in 2010 and created by the United States and Israel in order to target the Iranian nuclear power plant. The computer worm was successful and caused billions of dollars in damages by crashing 984 centrifuges in the facilities of the power plant, setting back production capabilities by 2 years.

37. In 2007, the Storm Worm infected over 1.2 billion emails that were sent over the course of 10 years.

Malware created in 2007, called Storm Worm, sought to take advantage of people’s fear and panic during times when they are most vulnerable. The email virus tells recipients that their computers have been taken over by hackers, who will then demand money or passwords for access. If no response is received within 24 hours, the hackers will threaten legal action.

38. "Phatbot" spread to millions of computers in 2004.

Phatbot is a computer worm that has been known to cause extensive damage to systems it infects. The worm spreads by taking advantage of security vulnerabilities in Windows systems, and once it has infected a system it can give the attacker complete control over the PCs and devices.

39. The Flame virus was discovered in 2012 and is regarded as one of the most sophisticated computer worms ever found.

The Flame virus, a deadly computer worm created as part of an international cyber program, shares many similarities with the Stuxnet worm. The Flame virus was designed to disrupt Iran’s nuclear weapon program by infecting thousands of computers and causing billions of dollars in damage. The virus continued to spread across the Middle East after it was first released.

40. The SQL Slammer computer worm infected roughly 75,000 victims in only 10 minutes.

There are different types of computer worms such as email worms, instant messaging worms, file sharing worms & internal worms. The SQL slammer was notably a destructive computer worm that targeted Microsoft’s SQL server in 2003. The SQL slammer was highly effective, approximately infecting 75,000 individuals throughout the globe.


There are many different types of malware, but the most common form is a virus. A virus is a type of malware that replicates itself and spreads to other computers. Virus infections can cause a variety of problems, from pop-ups to serious data loss.

A computer virus is a type of malicious code that is designed to replicate itself and spread from one computer to another. Virus infections can be caused by opening emails or attachments, downloading infected files, or visiting websites that contain malicious code. Much like other forms of malware, viruses can be spread through physical devices, such as when an infected USB drive is plugged into a computer.

According to Statista, Iran is currently leading in mobile malware infections in 2021. Followed by, Saudi Arabia, China, Algeria, India, Malaysia, Ecuador, Brazil, Nigeria & Bangladesh.

While it is difficult to estimate how many PCs are infected with malware at any given time, some studies suggest that one in three computers worldwide may be infected. This means that millions of people are at risk of having their personal information stolen or their systems damaged by malware.

Malware is a type of software designed to damage or disable computers. It can also be used to steal personal information, such as credit card numbers.

A VPN, or virtual private network, is a type of security software that encrypts your internet traffic and routes it through a secure server. This has the effect of making it much more difficult for hackers to intercept your data or track your online activity. However, a VPN cannot directly protect you from malware.

Essentially, a VPN cannot stop malware. That’s why it’s important to take precautions and maximise your security controls to minimise the risk of malware.

In today’s digital age, antivirus programs are an essential part of maintaining a secure computer. However, many people wonder whether these programs can really protect against all cyber threats. The answer is that no single program can offer 100% protection. However, a good antivirus program can provide a high level of security.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.