2025 Recap of Community Malware Inventorization efforts

Generated on December 19, 2025 | 1112 library entries analyzed


1,112
Library Entries
from 2025

733
Library Entries
Tagged with Families

763
Unique Family
Tags used
Year-over-Year
Malware Families
Start 2025
3.308
End 2025
3.603
+295
Malware Samples
Start 2025
8.723
End 2025
9.463
+740
Library Entries
Start 2025
16.244
End 2025
17.696
+1452
Top 20 Most Mentioned Families
Rank Family Platforms Mentions Alternative Names
1 Lumma Stealer win.lumma 29 LummaC2 Stealer
2 BeaverTail js.beavertail osx.beavertail 27
3 Black Basta elf.blackbasta win.blackbasta 26 no_name_software
4 InvisibleFerret py.invisibleferret 25
5 Cobalt Strike win.cobalt_strike 20 cobeacon, Agentemis, CobaltStrike (+1 more)
6 AsyncRAT win.asyncrat 16
7 OtterCookie js.otter_cookie 16
8 Remcos win.remcos 15 Remvio, RemcosRAT, Socmer
9 GolangGhost osx.golangghost win.golangghost 13 WeaselStore, BitStep RAT
10 Aisuru elf.aisuru 12
11 XWorm win.xworm 12
12 Rhadamanthys win.rhadamanthys 12
13 FAKEUPDATES js.fakeupdates 11 FakeUpdate, SocGholish, GhoLoader
14 Quasar RAT win.quasar_rat 11 CinaRAT, QuasarRAT, Yggdrasil
15 RansomHub win.ransomhub 10
16 ShadowPad win.shadowpad 10 POISONPLUG.SHADOW, XShellGhost
17 Akira elf.akira win.akira 10 REDBIKE
18 DCRat win.dcrat 9 DarkCrystal RAT
19 ValleyRAT win.valley_rat 9 Winos
20 AMOS osx.amos 9 Atomic macOS Stealer
Monthly Mentions Breakdown
First Half of 2025
JanuaryFebruaryMarchAprilMayJune
Reedbed (6)
Lumma Stealer (4)
Cobalt Strike (3)
Remcos (3)
Hatvibe (3)
Plugx (2)
Systembc (2)
Beavertail (2)
Invisibleferret (2)
Shadowpad (2)
Black Basta (5)
Plugx (5)
Fakeupdates (4)
Lumma Stealer (4)
Beavertail (4)
Invisibleferret (4)
Nailaolocker (4)
Shadowpad (4)
Dcrat (4)
Finaldraft (3)
Black Basta (13)
Lumma Stealer (6)
Remcos (4)
Asyncrat (3)
Quasar Rat (3)
Emmenhtal (3)
Rhadamanthys (3)
Hijackloader (2)
Cobalt Strike (2)
Netsupportmanager Rat (2)
Black Basta (6)
Beavertail (5)
Invisibleferret (5)
Lumma Stealer (4)
Ransomhub (3)
Wrecksteel (3)
Badbazaar (3)
Asyncrat (2)
Fakeupdates (2)
Giftedcrook (2)
Themoon (4)
Rokrat (3)
Lumma Stealer (3)
Danabot (3)
Vshell (2)
Akira (2)
Stealc (2)
Havoc (2)
Terrastealer (2)
Cherryspy (2)
Cobalt Strike (4)
Amatera (3)
Lumma Stealer (3)
Asyncrat (3)
Beavertail (2)
Invisibleferret (2)
Artra Downloader (2)
Havoc (2)
Fog (2)
Jadesnow (2)
Second Half of 2025
JulyAugustSeptemberOctoberNovemberDecember
Scavenger (5) Xworm (3) Cobalt Strike (3) Lumma Stealer (2) Devman (2) Lamehug (2) Royal Ransom (2) Bumblebee (2) Amos (2) Mimikatz (2) Tamperedchef (4) Pxa Stealer (3) Beavertail (2) Golangghost (2) Purerat (2) Vidar (2) Warlock (2) Veletrix (1) Xtinyloader (1) Morpheus Loader (1) Akira (3) Beavertail (3) Ottercookie (3) Invisibleferret (3) Golangghost (3) Gonepostal (3) Shai-Hulud (2) Xworm (2) Tamperedchef (2) Strelastealer (2) Aisuru (5) Ottercookie (4) Beavertail (3) Invisibleferret (3) Nikitear (2) Amos (2) Lumma Stealer (2) Tollbooth (2) Jadesnow (2) Linkpro (2) Remcos (2) Beavertail (2) Invisibleferret (2) Scoringmathtea (1) Landfall (1) Krustyloader (1) Sliver (1) Burnbook (1) Mistpen (1) Agent Tesla (1) Amos (2) Brickstorm (2) Etherrat (2) Amadey (1) Castleloader (1) Mintsloader (1) Icedid (1) Keyhole (1) Latrodectus (1) Romcom Rat (1)
Recurring Family Legend

Families covered in publications across 3+ months are color-coded for easy tracking across the year:

Lumma Stealer (8x)
Beavertail (8x)
Invisibleferret (7x)
Cobalt Strike (4x)
Black Basta (3x)
Remcos (3x)
Asyncrat (3x)
Amos (3x)
Gray badges indicate families with 1-2 month appearances
2025 Highlights
Most Active Month

February 2025

Most Mentioned

Lumma Stealer

Avg Entries/Month

92.7

Data Source: Malpedia Bibliography | Generated: 2025-12-19 | Visit Malpedia

Thank you to the community for making threat intelligence research better! 🚀