Summary: Malware Landscape and Evolution 2024–2025

By Eduard Bardaji on Apr 9, 2026 10:00:00 AM

<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Summary: Malware Landscape and Evolution 2024–2025</span>

Malware has become one of the most critical attack vectors for businesses, with an average cost per data breach of $4.88 million in 2024. These attacks can disrupt operations, exfiltrate sensitive information, and trigger regulatory penalties, directly impacting the continuity and security of any organization.

Key global trends 2024–2025

Growth of ransomware with double and triple extortion.
Increase in mobile malware (+111% mobile spyware, +29% mobile banking malware) and IoT (+45% attacks on devices).
Professionalization of initial access through Initial Access Brokers (IABs) and large-scale exploitation of vulnerabilities.
Automation of attacks and generation of variants using modular scripts.

Spain’s situation and recent evolution

Spain is among the countries most exposed to malware, with a notable increase in incidents between 2023 and 2024. According to INCIBE, 97,348 cybersecurity incidents were handled in 2024, a +16.6% increase compared to 2023. Of these, approximately 42,000 were related to malware, including trojans, infostealers, and loaders, affecting both individuals (67.6%) and businesses (32.4%).

Modern attacks show increased technical sophistication, incorporating:

Evasion of EDR/XDR solutions.
Use of Living-off-the-Land binaries (LOLbins).
Delayed execution and modular chains combining loaders and infostealers.

The most impacted sectors include manufacturing, healthcare, financial services, transportation, and telecommunications, where any disruption can lead to significant operational and financial consequences.

Artificial intelligence and malware

The adoption of generative artificial intelligence is transforming both offense and defense. Attackers automate the creation of malware variants and exploitation scripts, while organizations that integrate AI and automation significantly reduce detection times and incident-related costs, with estimated savings of up to $2.2 million per breach.

Benefits and risks of AI in malware:

Automates modular malware and infostealer campaigns.
Improves the precision and speed of attacks targeting mobile, IoT, and critical devices.
Increases the effectiveness of each campaign and makes detection harder for traditional systems.
Enables hyper-personalized attacks by combining public data, corporate profiles, and previous leaks.

Economic and operational impact

Malware generates direct and tangible impacts on business operations and financial performance. The global average cost of a malware-related data breach reached $4.88 million in 2024, including losses from data exfiltration, disruptions to critical services, and regulatory penalties.

In Spain, malware-related attacks accounted for more than 42,000 incidents, affecting key sectors such as:

Manufacturing and industry
Healthcare
Financial services
Transportation and telecommunications

Want to learn more?

At ESED, we have developed a detailed report: Malware Cyberattacks Summary 2025. It provides a comprehensive analysis with data and specific defense strategies for businesses, covering the state of malware cyberattacks both globally and in Spain. Download the full report in the banner below.

Cybersecurity solutions

Ethical hacking: ESED Attack

Antiphising

Antivirus: Endpoint XDR/MDR

phising Simulation

Backups

Secure passwords

Firewall

Compliance services

ENS compliance alignment

NIS2 directive compliance

ISO 27001 certification

Customer stories

Eignapharma

La puta suegra

Excelium

Petam: Vulnerability scanner

GO TO PETAM

WWatcher: Prevents data leakage

GO TO WWATCHER

Calculator: Cost of cyberattack

CALCULATE COST

ESED Academy: Resources

Blog