Malware & Ransomware · HIGH

Malware - Insights from 2025 Malicious Infrastructure Report

🎯 Basically, the report shows how malware changed in 2025 and what it means for security.

Quick Summary

Insikt Group's 2025 report reveals significant malware trends, including the rise of infostealers and evolving tactics. Organizations must adapt their defenses to stay ahead of these threats. Key insights can guide security strategies for the upcoming year.

What Happened

In 2025, Insikt Group expanded its tracking of malicious infrastructure, revealing key insights into various malware families and threat categories. The report highlights the ongoing dominance of Cobalt Strike, while also noting its declining share of command-and-control (C2) servers as new tools gain traction. Notably, Vidar and other infostealers emerged as significant players, filling gaps left by disrupted operations of previous malware families.

The report also emphasizes the rise of tools like RedGuard, Ligolo, and Supershell, which have gained popularity among cybercriminals. This shift indicates a dynamic landscape where threat actors continuously adapt to law enforcement actions and evolving detection capabilities.

Who's Being Targeted

The primary infection vector in 2025 remained infostealers, particularly through malware-as-a-service (MaaS) offerings. Organizations across various sectors are at risk, especially those that rely heavily on digital infrastructure. The volatility in the infostealer ecosystem, with Vidar outperforming competitors, underscores the urgent need for enhanced security measures.

Additionally, the report notes that Android malware continued to dominate the mobile threat landscape, with nine of the top ten malware families targeting mobile devices. This trend emphasizes the importance of securing mobile platforms against emerging threats.

Signs of Infection

Organizations should be aware of several indicators of compromise associated with the evolving malware landscape. Key signs include unusual network traffic patterns, unexpected spikes in access to command-and-control servers, and the presence of known malware families like AsyncRAT and QuasarRAT.

To effectively combat these threats, it is crucial to implement robust network monitoring capabilities and deploy detection mechanisms such as YARA, Sigma, and Snort rules. Continuous monitoring and threat simulations can help organizations validate their defensive posture against these prevalent malware families.
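The two network-side signs named above (spikes in contact with known C2 addresses, and the metronomic connection timing typical of a beaconing implant) can be checked with a few lines of code. The following is an added example, not code from the report or the article: a small Python detector run over constructed key=value flow-log lines. The indicator addresses (drawn from the RFC 5737 documentation ranges), the host addresses, the log format, the five-minute window and the threshold of three contacts are all assumptions; in practice the indicator set would come from a threat-intelligence feed and the flow records from your own sensors.

```python
"""Added example: flag C2-contact spikes and beacon-like timing in flow logs."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Assumed indicator list. 203.0.113.0/24 is RFC 5737 documentation space;
# a real deployment loads C2 indicators from a threat-intelligence feed.
C2_INDICATORS = {"203.0.113.10", "203.0.113.44"}

# Constructed sample flow records. Host 10.0.0.5 contacts an indicator
# address every 60 seconds; host 10.0.0.9 touches one indicator only once.
SAMPLE_LOG = """\
2025-06-01T10:00:00Z src=10.0.0.5 dst=203.0.113.10 dport=443 bytes=512
2025-06-01T10:01:00Z src=10.0.0.5 dst=203.0.113.10 dport=443 bytes=498
2025-06-01T10:02:00Z src=10.0.0.5 dst=203.0.113.10 dport=443 bytes=520
2025-06-01T10:03:00Z src=10.0.0.5 dst=203.0.113.10 dport=443 bytes=505
2025-06-01T10:04:00Z src=10.0.0.5 dst=203.0.113.10 dport=443 bytes=511
2025-06-01T10:00:30Z src=10.0.0.9 dst=198.51.100.7 dport=443 bytes=9000
2025-06-01T10:07:00Z src=10.0.0.9 dst=198.51.100.8 dport=443 bytes=1300
2025-06-01T10:20:00Z src=10.0.0.9 dst=203.0.113.44 dport=80 bytes=200
"""

EPOCH = datetime(1970, 1, 1)  # naive reference point for window alignment


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts (assumed log format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        rec["bytes"] = int(rec["bytes"])
        events.append(rec)
    return events


def c2_hits_per_window(events, indicators, window=timedelta(minutes=5)):
    """Count connections to indicator addresses per (source host, window start)."""
    counts = defaultdict(int)
    for e in events:
        if e["dst"] in indicators:
            start = e["ts"] - ((e["ts"] - EPOCH) % window)  # floor to window
            counts[(e["src"], start)] += 1
    return dict(counts)


def flag_spikes(counts, threshold=3):
    """Return sorted (src, window_start, count) tuples at or above threshold."""
    return sorted((src, start, n) for (src, start), n in counts.items()
                  if n >= threshold)


def beacon_score(events, src, dst):
    """Coefficient of variation of inter-arrival times for one src->dst pair.

    A value near 0 means near-constant spacing, the timing signature of a
    beaconing implant. Returns None when fewer than three events exist.
    """
    times = sorted(e["ts"] for e in events if e["src"] == src and e["dst"] == dst)
    if len(times) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return pstdev(gaps) / mean(gaps)


def analyse(text, indicators=C2_INDICATORS):
    """Run both checks; beacon scores are computed only for flagged hosts."""
    events = parse_log(text)
    spikes = flag_spikes(c2_hits_per_window(events, indicators))
    beacons = {}
    for src, _start, _n in spikes:
        dsts = {e["dst"] for e in events
                if e["src"] == src and e["dst"] in indicators}
        for dst in dsts:
            beacons[(src, dst)] = beacon_score(events, src, dst)
    return spikes, beacons


if __name__ == "__main__":
    found_spikes, found_beacons = analyse(SAMPLE_LOG)
    for src, start, n in found_spikes:
        print(f"spike: {src} reached C2 indicators {n} times in window from {start}")
    for (src, dst), score in found_beacons.items():
        print(f"beacon score {src} -> {dst}: {score:.2f}")
```

On the constructed input, 10.0.0.5 is flagged for five indicator contacts in one window and gets a beacon score of 0.0, while 10.0.0.9's single contact stays below the threshold and has no score (too few events). Real implants usually add jitter to their sleep interval, so the score threshold you alert on should be tuned against your own baseline rather than set at zero; the indicator-spike check is the more robust of the two and is where a YARA, Sigma or Snort-style rule would normally carry the indicator list.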

How to Protect Yourself

To safeguard against the evolving threats identified in the report, organizations should prioritize the following actions:

  • Enhance detection capabilities to identify and mitigate prevalent malware families.
  • Invest in threat simulations to assess the effectiveness of current security measures.
  • Monitor the broader threat landscape for emerging trends and tactics used by threat actors.

As malicious infrastructure continues to evolve, organizations must remain vigilant and adaptable. By leveraging insights from the 2025 report, defenders can strengthen their security controls and better prepare for the challenges that lie ahead in 2026.

🔒 Pro insight: The shift towards malware-as-a-service highlights the need for organizations to enhance their detection and response capabilities against evolving threats.

Original article from Recorded Future Blog

