Virus download: the number of malware attacks increased 7.7 times in a year
In 2026, the number of requests related to the spread of malicious software increased 7.7 times compared to 2025. Experts attribute the explosive growth to hackers' active use of new technologies, including artificial intelligence, which makes it possible to create unique viruses faster, as well as to the growing number of vulnerabilities in corporate networks. Izvestia explains how to protect yourself.
How malware attacks work
In February 2026, the number of requests related to the spread of malicious software on the Runet reached a record level, the Coordination Center for .RU/.RF domains (CC) told Izvestia. As part of the Domain Patrol project, 2,718 requests about malware distribution were sent to registrars, which is 3.6 times more than in January this year. From January 1 to March 10, 2026, the number of complaints reached 7,778, which is 7.7 times higher than in the same period last year.
The explosive growth of malware attacks is associated with attackers' active use of new technologies, including artificial intelligence, which makes it possible to create unique viruses faster, as well as with the growing number of vulnerabilities in corporate networks, said Evgeny Pankov, a data analyst at CC.
"The main purpose of attacks using malware is to gain access to the user's device," he pointed out. "Once infected, attackers can steal personal data, break into banking applications, and even fully control the device."
Malware is most often distributed through phishing pages of popular brands and bots on Telegram, and many attacks are aimed at Android devices, the expert recalled.
"We see a very rapid increase in such attacks: today, in terms of the number of detected cases, they are already overtaking phishing and becoming one of the main threats on the Runet," Evgeny Pankov emphasized.
The increase in the number of incidents related to the spread of malware was also confirmed by Alexander Dvoelozhkov, an analyst at Infosecurity Softline Solutions' Digital Threat Analysis and Assessment department.
"There is an increase in the activity of distribution directly through messengers," he said. "This surge is largely due to the development of artificial intelligence: with its help, it has become easier for attackers to create fake company websites that are extremely difficult to distinguish from the official ones. In addition, AI makes it easy to generate bots to automatically launch fraudulent operations."
In 2025, an average of 500,000 new malicious files were detected daily, said Alexander Liskin, head of Threat Research at Kaspersky Lab. This is 7% more than in 2024.
"Web threats, that is, malware that penetrates devices via the Internet, affected the devices of 34% of users in Russia," the expert noted. "Web threats are not limited to online activity, but at some stage of their penetration into the device, the Internet is involved in one way or another."
How viruses spread
Hackers spread viruses through phishing attacks, for example, by sending messages to victims with malicious attachments or links, as well as by embedding malicious code in pirated software, Alexander Dvoelozhkov noted.
"In our practice, there was a case of a targeted attack on a company: attackers sent malware disguised as draft contracts and technical specifications," he said. "The files inside the archive had a double extension, imitating PDF documents. Their launch led to the activation of a Trojan that stole credentials from corporate services."
One of the most significant findings was the discovery of the commercial Dante spyware in a real malware campaign, Operation ForumTroll, Alexander Liskin said.
"It exploited a zero-day vulnerability in the Chrome browser," he said. "Vulnerabilities are still the most popular way for intruders to enter corporate networks, followed by the use of stolen credentials, hence the increase in the number of password theft and spyware programs that we have seen this year."
Attacks on the software supply chain, including open source software, are also common. This year their number has increased significantly, and the self-replicating npm worm Shai-Hulud was recorded for the first time.
To carry out attacks, attackers can use generative neural networks that have no built-in security mechanisms, said Oleg Skulkin, head of BI.ZONE Threat Intelligence.
"Such models can be useful in automating tasks, such as generating phishing emails or malicious code," the expert explained. "However, their capabilities are overestimated: such solutions do not create turnkey cyber attacks, they require expertise, and the results often need to be finalized."
Attackers use generative models with different motivations, including financial gain, cyber espionage, and hacktivism. This is because AI significantly speeds up malware development and lowers the entry threshold for attacks.
Phishing remains one of the key attack mechanisms, and deepfakes are also widely used, said Vitaly Rabets, director of the IT department of the Russian information security company UDV Group.
"Voice and video messages from alleged supervisors or partners significantly reduce the critical perception of information," he said. "Neural networks also allow you to create malware even for those who do not have deep knowledge of programming and do not understand the architecture of a particular information system. In addition, they can be used to easily add unique features."
According to the Solar 4RAYS Cyber Threat Research Center of the Solar Group of companies, almost a third of malware infections in 2025 occurred in industrial organizations. Healthcare and the fuel and energy sector are also among the most "infected" industries. In the fourth quarter of 2025, there were 1,205 such cases per fuel and energy company, which is 20 times more than in 2024 and makes the industry the absolute leader in the intensity of such cyber attacks.
How to protect yourself
The spread of threats directly through messengers is now gaining momentum. The distinguishing feature is that such an attack is aimed not at individual users but at entire communities, Alexander Dvoelozhkov added. Trojans created to infect devices and steal payment data by intercepting push notifications and SMS are especially common.
"A typical scenario: scammers send a link to a messenger channel to a chat with the message: 'The day before yesterday, we crashed in an accident, look...'," he explained. "People, excited by the news, click on the link and hurriedly open a file with the .apk or .exe extension. There turns out to be a Trojan inside. The calculation is simple: the more participants there are in a chat, the more likely it is that someone will get caught."
In addition to malicious software, other types of attacks are also increasing, Vitaly Rabets confirmed.
"In most cases, the point of entry into the infrastructure is the exploitation of vulnerabilities in web applications," he said. "Today, almost any business depends on web services: personal accounts, information sites, APIs. At the same time, many companies do not have the opportunity to regularly conduct security audits or save on it, considering protection as a secondary expense item."
As a result, vulnerabilities in such services remain unpatched and available for exploitation for a long time. For attackers using neural networks, such gaps become an easy target.
To protect yourself, you need to use a high-quality antivirus that helps detect and remove malware, experts stressed. It is important to regularly create backups and store data on external media to minimize information loss in the event of a cyber attack.
You should avoid downloading pirated software and not forget about the human factor: be vigilant when clicking on links and working with emails, do not open files from unknown senders and check websites for signs of phishing.
In addition to implementing modern reliable security solutions, it is important for organizations to use up-to-date data to understand the actions of intruders, as well as regularly update software on corporate devices, restrict access to remote services and protect them with complex passwords.
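A defender-side check for the double-extension attachments described earlier, as an added example that does not come from the article or the experts quoted: it lists the members of a ZIP archive without extracting them and flags names with a document extension directly before an executable one, as well as content that starts with a Windows executable header under a non-executable name. The extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive extension lists; tune them to your environment.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".apk"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def classify_member(name, head):
    """Reasons why a member (stored path, first content bytes) looks disguised."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.strip().lower() for s in path.suffixes]
    if suffixes and suffixes[-1] in EXECUTABLE:
        # "contract.pdf.exe": a document extension right before the real one
        double = len(suffixes) >= 2 and suffixes[-2] in DECOY
        return ["executable", "double-extension"] if double else ["executable"]
    if head.startswith(b"MZ"):  # Windows PE header under a non-executable name
        return ["pe-content-mismatch"]
    return []


def scan_archive(zip_bytes):
    """Map each suspicious member of a ZIP (passed as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as member:
                    head = member.read(2)  # header only; nothing is extracted
            except RuntimeError:  # encrypted member: judge it by name alone
                head = b""
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive; names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Contract_draft.pdf", b"%PDF-1.7\n")
        zf.writestr("docs/Technical_spec.PDF.exe", b"MZ\x90\x00")
        zf.writestr("docs/Appendix.pdf", b"MZ\x90\x00")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_archive(build_sample()))
```

A check like this fits a mail gateway or a download quarantine step, where a flagged archive can be held for review before a user ever opens it.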