Common malware is dead.
2025.10.19 · Analysis and study of Italian .NET Windows ransomware.
Is common malware really "dead"?
The title is straightforward and reflects a real trend: common malware is in sharp decline.
It has not disappeared entirely, but its relevance is now greatly reduced.
What do I mean by "common malware"?
By common malware, I am referring to those families that dominated the Windows landscape until a few years ago, mainly stealers and droppers, such as Redline, Lumma, Amadey, Raccoon, etc.
Is the decline really happening?
The data confirms this trend.
A quick look at the main malware analysis platforms, such as Any.Run and Tria.ge, shows a drastic reduction in new samples compared to the past. CrowdStrike's Global Threat Report 2025 also clearly confirms it.
Why this decline?
It is not so much a question of "cybercrime no longer paying off" as it is of a radically changed technological and operational context.
Some of the main factors are:
- Advanced credential protection: The implementation of systems such as App-Bound Encryption (ABE) has made it more difficult to steal credentials from browsers. Circumventing it now requires advanced techniques such as process hollowing, which are often riskier and more detectable.
- Spread of multi-factor authentication (MFA): Stolen credentials used "as is" have significantly reduced value.
- Improved endpoint solutions: Preinstalled tools such as Windows Defender have achieved much higher levels of effectiveness than a few years ago.
In summary, developing malware for generic targets is now much more expensive and less profitable.
But it's not all sunshine and roses. The decline in common malware does not mean greater security.
Instead, we are seeing a massive increase in phishing attacks in all their forms, with a surge in vishing, often managed with artificial intelligence tools.
The human component, which is more vulnerable and easier to manipulate, remains the weak link most exploited by criminals.
Is it a good thing that there is less common malware?
From my point of view, no.
For end users, it means having to deal with more sophisticated scams that are harder to detect. For businesses, the situation is even more critical: attacks today are often targeted, with highly customized and sophisticated malware designed after a thorough reconnaissance phase.
In conclusion, the cyber threat landscape has not diminished: it has evolved. The challenge is no longer the quantity of generic malware, but the ability to defend against targeted and ingenious threats, where the human element remains the most fragile factor.