Your IP:Unknown

·

Your Status: Unknown

Skip to main content

The usual suspects: Everyday online threats in numbers

You face cybersecurity threats every day — even if you don’t notice them. What should you be worried about in your daily online life?

Discover Threat Protection Pro™
hero statistick eye magnifying glass md

NordVPN’s Threat Protection Pro™ feature guards you against common online threats — but just how much danger is the average internet user exposed to everyday? Our researchers have analyzed aggregated Threat Protection Pro™ data over a prolonged period to determine the kinds of threats that you’re most likely to encounter on the internet.

trackers malware ads blocked

All data was processed in accordance with NordVPN’s Terms of Use and Privacy Policy. Our findings were derived only from aggregated Threat Protection Pro™ usage statistics.

Malware: Hiding in plain sight

malware laptop threats md

Malware refers to any kind of programming that was deliberately designed to harm you or your device. This includes malicious software like viruses, trojans, ransomware, and spyware. Malware can steal sensitive data, encrypt important files, or even take over the machine, putting the criminal in complete control.

Most common malware blocked by Threat Protection Pro™

167,671 attacks intercepted

APC

A virus that often targets system configurations and automated processes to cause disruptions.

71,716 attacks intercepted

APC.AVAHC

A variant of the APC virus known for its ability to avoid detection and persist in infected systems.

43,298 attacks intercepted

Redcap.ovgfv

A specific strain of the Redcap trojan, used for data exfiltration and system manipulation.

20,587 attacks intercepted

APC.YAV

A variant of the APC virus family that changes system files and settings.

20,095 attacks intercepted

OfferCore.Gen

Adware that generates intrusive ads and can install unwanted software on infected devices.

18,188 attacks intercepted

CoinMiner

A virus designed to hijack system resources to mine cryptocurrency without the user's consent.

9,295 attacks intercepted

AD.BitcoinMiner

Adware that also mines Bitcoin using the infected system's resources.

8,764 attacks intercepted

Redcap

A trojan that steals data and creates backdoors in infected systems.

6,531 attacks intercepted

Agent.anky

A trojan that’s used as a downloader for other malicious software.

6,393 attacks intercepted

Dropper.Gen

A trojan that installs other malicious software on the infected system.

4,696 attacks intercepted

Vuze.NB

Potentially unwanted software distributed through infected torrent downloads.

4,633 attacks intercepted

Crypt.XPACK.Gen

Ransomware that encrypts files on the victim's device, demanding payment for decryption.

4,586 attacks intercepted

KAB.Talu.2f47b9

A specific variant of the KAB trojan, known for its advanced data-stealing capabilities.

3,225 attacks intercepted

BotSand.77fce6

Botnet malware that creates a network of infected devices for coordinated attacks, like DDoS.

3,022 attacks intercepted

Dropper.MSIL.Gen

A generic name for a .NET-based dropper trojan that installs additional malware.

2,809 attacks intercepted

Phishing.AAI

Malware used in phishing attacks, tricking users into giving away sensitive information.

2,688 attacks intercepted

APC.Gendit

A variant of the APC virus, designed to disrupt processes on the infected device.

2,609 attacks intercepted

Null

Ransomware that encrypts files using the AES-256 algorithm and demands 2.2 Bitcoins in ransom.

2,485 attacks intercepted

InstallCore

A potentially unwanted program and adware that bundles software with other installations.

2,387 attacks intercepted

APC.Griffin

Malware that changes the system files and settings on your computer.

Data collected from January 1, 2024 to August 1, 2024.

How malware infects your device

Unlike zero-day exploits and bugs, malware is not present on machines from the get-go — it must be actively brought onto your device, such as by downloading an infected file. One of the most common ways to get infected with malware is through phishing attacks. Scammers use deceptive misspellings of popular brands (such as spelling “Amazon” as “Arnazon”) to trick victims into clicking phishing links and downloading infected files.

In fact, 99% of all phishing attacks use just 300 brands for deception. The brands themselves are not at fault — such fakes hurt their reputation as well, forcing companies to actively hunt them down. But high brand awareness can lull victims into a false sense of security and get them to lower their guard.

brands spreading malware
NordVPN is not endorsed by, maintained, sponsored by, affiliated, or in any way associated with the owners of the mentioned brands. Brands are indicated solely for the purpose of accurately reporting information related to brands that were most likely to be impersonated for spreading malware.

While hackers can disguise malware as any file by renaming the executable and using double extensions, a few file types are much more likely to hide malware than others. Our research shows that users should be particularly careful when downloading files with the following extensions from the internet:

files extensions malware

Malware is also not distributed equally across the internet. Some web domain categories are particularly prone to harboring malware, with over half of all malware blocked by Threat Protection Pro™ coming from pages with adult content. According to our findings, users should be particularly careful when visiting websites within the following categories:

domain categories malware

Our research shows that the risk of getting infected with malware also varies by geographic region. The differences could be attributed to the varying levels of internet connectivity, economic development, and cybersecurity awareness between countries. From aggregated Threat Protection Pro™ data, we can infer that users in the following locations are most at risk of malware:

Countries most affected by malware

countries malware africa infographic

Beyond malware: Web trackers and ads

Web trackers are a broad category of privacy-invading tools that collect information on user activity. Trackers typically take the form of special scripts, browser cookies, or tracking pixels. Businesses use trackers to paint an accurate picture of you for targeted advertising — but if they suffer a data breach, the stored tracker data could end up falling into the hands of cybercriminals. The following domain categories feature the most trackers:

domain categories trackers

How to stay safe from common cyberthreats

Develop good cybersecurity habits

Cybercriminals prey on apathy, confusion, and ignorance, hoping that victims will forego due diligence. For example, most phishing attempts involve distorted names of popular brands.

Verify, download, scan, install

Malware executables may be disguised as or even hidden in legitimate files. Always verify the website you wish to download from, and always use anti-malware tools like Threat Protection Pro™ to inspect files you download. This includes suspicious email attachments.

Be careful where you go online

Certain web domain categories are much more likely to compromise your device than others. If you visit websites that are likely to contain malware, pay attention to what you type, click, and download.

Let Threat Protection Pro™ keep you safe

Threat Protection Pro™ received a huge update and now combines the best aspects of essential cybersecurity tools into one comprehensive security package. It will scan each file you download for malware, stop you from visiting malicious pages used for phishing, scams, and hosting malware, and block annoying ads.