July 20, 2018 | Research

The AV-TEST Security Report 2017/2018: The latest Analysis of the IT Threat Scenario

Cybercriminals are relying on ever more effective weapons and opening up new business segments, including the markets of the future, the "Internet of Things" and cryptocurrencies, long before these can be effectively protected. The latest analysis in the Security Report issued by AV-TEST reveals some of the threats still facing consumers and corporate users.



Trend: malware development has doubled

Since October 2017, the detection systems of the AV-TEST Institute have seen a doubling of the monthly development of new malware. Whereas new malware figures were measured at just around 7,629,305 samples in October 2016, they numbered 17,445,659 in the same month one year later! This made October the month with the second-highest number ever recorded for newly developed malware programs since statistics were first compiled by AV-TEST. Only in August 2014 was a larger malware wave registered.

Ransomware versus crypto miners

Aside from purely quantitative aspects, a look back on the past year compared to the 1st quarter of 2018 offers additional interesting insights into the economic trend of the "criminal IT industry". This is signaled by the proliferation statistics of ransomware, which dropped significantly in the 1st quarter of 2018. Whereas the quantity of new ransomware samples in 2017 tripled with 61,239 variants compared to the previous year (20,413 variants), these blackmailer Trojans have been in retreat in the 1st quarter of 2018. As an income source, however, ransomware remains lucrative for criminals. Apparently, the cybercrime industry has also been able to open up new business models, earning higher profits while at the same time reducing costs.

This involves crypto mining malware, i.e. malicious code that shovels digital profits immediately and directly into the anonymous online accounts of cybercriminals, minimizing lost profits that would otherwise result from victims' unwillingness to pay, the restriction to certain operating systems and types of devices, and administrative overhead. Thus, it should come as no surprise that there is explosive growth in the number of malware programs secretly abusing the performance of infected devices to calculate digital currencies.

Overall development of malware

Last year as well, the number of newly developed malware samples remained below the numbers of the previous year – at least in the first three quarters.

Development of Windows malware

Distribution of various malware classes under Windows

Development of crypto miners

The number of malware programs secretly abusing the performance of infected devices to calculate digital currencies has been experiencing explosive growth.

Development of Linux malware

The development of malware for Linux-based systems will experience enormous growth in 2018.


Windows: the No. 1 target

Anyone seeking to efficiently plan and implement large-scale malware attacks is well advised to plant their malware samples in the vulnerabilities of the world's most widely distributed software ecosystem. This consistently makes the operating system from Redmond the most heavily-attacked software platform. In 2017, over 67 percent of all malware attacks were aimed at Windows systems. Compared to the previous year, however, the overall number of newly developed Windows malware samples has declined by just under 3 percentage points, which is a relief, on paper.

Android protection remains critical

Conversely, the intensity of attacks on Google's mobile platform continued to increase: 6.5% of all malware in 2017 targeted Android devices, an increase of 0.88 percentage points compared to the previous year. What sounds marginal has a devastating effect in reality, as up to now only a few Android mobile devices have a security app, much less deploy effective virus protection. At the same time, one out of three Android devices used worldwide is running an out-of-date version of the operating system (Version 1.1 to 5.1.1) for which no more security updates are available. No more than 5.2% of all Android users are running the current Android version 8, aka "Oreo", equipped with security updates!

Fivefold increase in macOS malware

In last year's Security Report, the AV-TEST Institute's measurement systems recorded a dramatic increase in malware figures for macOS of 370 percent over the previous year. This trend also continued unabated in 2017. While a total of 6,959 newly programmed malware samples targeted Apple computers in 2016, this figure increased fivefold to 37,030 new malware samples last year. In total, the volume of malware developed for macOS has been increasing steadily for ten years now.

IoT malware: a battle for the market of the future

Even if only the cautious forecasts by market research firms come true, over 830 million wearables and 20.8 billion networked devices will be deployed around the globe by the year 2020. These are numbers that thrill not only companies but also cybercriminals. This creates a volatile cocktail: on one side, there are product manufacturers without expertise in IT security, who always want to launch their products quickly onto the booming market. On the other side, the cybermafia, with a vast arsenal of already functioning and tested malware programs, is ready to ambush the masses of devices and online services that offer ample vulnerabilities for the proliferation of malicious code. To that extent, one market is driving the other. The consumers are bearing the risk and footing the bill.

Download the complete report for free

Additional information and detailed metrics on the proliferation of malware and other malicious applications are provided in the comprehensive Security Report by the AV-TEST Institute. You can download the report here free of charge.


Regular tests of smart home products and information on IoT devices with certified security can be found in our IoT Security Blog.

Would you like to know which protection program and which security app offers the best possible protection for your devices? AV-TEST offers you information on detection rates, usability and performance of all known security solutions, also free of charge. You can look up the results of the tests carried out monthly.

If you would like to regularly keep up to date on information from our institute concerning all aspects surrounding the topic of IT security, such as tests on smart-home products, wearables, fitness trackers or health apps and parental control applications, you can receive prompt and current information via our monthly security newsletter.
