March 27, 2017

Malwarebytes Releases Asia Pacific State of Malware Report

Asia Pacific a Hotbed for Android Malware, Botnets and Banking Trojans

SINGAPORE  –  March 27, 2017Malwarebytes™, the leading advanced malware prevention and remediation solution, today in conjunction with the launch of their regional headquarters in Singapore, announced the release of the inaugural Asia Pacific State of Malware Report 2017. The report examines the top malware threats present in the region for 2016. The findings illustrate a significant shift in cybercriminal attack and malware methodology from previous years.

The study reveals that ransomware, ad fraud and botnets have risen to prominence in the current threat landscape. Particularly in Asia Pacific, botnets reigned supreme with the region accounting for more than 50% of botnet incidences globally. Furthermore, Android malware was also present in significant numbers in the region, with the top three countries accounting for 15% of detections globally. Banking Trojans were also rampant – the region comprised more than a quarter (27%) of detections across the globe.

The study examined data from more than one billion malware detections/incidences, covered more than 100 million devices over 200 countries, in both corporate and consumer environments. Data was also obtained from Malwarebytes’ internal honeypots and collection efforts to identify malware distribution, not just infections.

Malware that was covered include:


·        Banking Trojans

A malicious program as a form of Trojan horse which is used to steal confidential information in online banking systems.

·        Ransomware

A type of malware that block users from accessing their system until a ransom is paid. It can be done through locking users’ file and/or system’s screen.

·        Botnets

A type of malware that infects a number of interconnected devices to perform multiple tasks such as denial-of-service attacks (DDOS), spreading spam, bitcoin mining, clickfraud and stealing personal and financial information. It is under the control of a botnet operator that runs or controls the C&C (command and control) server(s).

·        Ad fraud

Also, called click fraud or click spam, is a practice by bad actors, specifically dubious advertising networks, wherein they deliberately use automated programs—from simple to sophisticated bots and botnets—to interact with advertisements online.


·        Adware

Software designed to display or download unwanted advertisements, such as banners, automatically when the program is running.

·        Android malware

A malicious software that infects mobile phones which are run under Android operating systems through making the system collapse or confidential information leakage.


Jeff Hurmuses, Area Vice President and Managing Director, Asia Pacific, Malwarebytes said, “To protect users in Asia Pacific from cyber criminals, we must possess an intimate understanding of their methodologies and tactics.”

He added, “In Asia Pacific, we are seeing that botnets are particularly rampant. A particularly sneaky malware – botnets can remain undetected for long periods of time and expose users to other malware threats and infections. As individuals and businesses become more reliant on computing in their professional and daily life, it is imperative they remain aware of new cyber attack methodologies and how they can impact them.”


Key findings include[1]:

Total Malware Detections

Asia Pacific contributed significantly to the total number of malware infections detected globally, with 3 countries amongst the top 10 countries with most malware infections globally. This includes Indonesia, India and the Philippines, which ranked fourth, seventh and eighth on the global rankings respectively.

Emerging markets in Asia Pacific such as Indonesia, India, Philippines, Thailand and Malaysia proved to be more susceptible to malware infections than their counterparts. Whilst there are several factors that could be responsible for this distribution, this finding may also partially be due to the large number of third party app stores utilized by consumers as well as the presence of pirated software within the markets.

Asia Pacific is relatively safe from Ad Fraud, Adware and Ransomware

The Asia Pacific is relatively untouched by ad fraud, adware and ransomware. With no individual Asia Pacific country accounting for more than 2.5% of detections globally in these categories.

However, we have noticed that cyber criminals are extensively targeting developed markets in Europe and the US with ransomware, ad fraud and adware. As these malware provide a source of direct profit these cybercriminals are likely to turn their attention towards developed markets in the Asia-Pacific once Europe and the US begin deploying counter measures more actively.

The Philippines is a Botnet Haven

Asia Pacific topped the chart of botnet detections globally, accounting for more than 50% of botnet detections. Emerging markets in the region responsible for the majority of botnet detections, with developed countries accounting for less than 0.5% of global botnet detections.

  • There are three APAC countries among the top five countries for botnet detections globally, with five among the top ten. The countries listed in order from most incidences to least are the Philippines, Indonesia, India and Thailand and Malaysia.
  • The Philippines was the top country globally for botnet detections, with nearly 4 times as many detections as the second ranked country, Indonesia.
  • The five APAC countries ranked in the top 10 accounted for nearly half of botnet detections overall.

Mobile malware is getting smarter

In our research, we have observed increased use of randomization utilized by malware authors to evade detection by mobile security engines, leading to increased malware infection rates amongst android devices globally.

Android malware is particularly rampant in Indonesia, India, the Philippines, and Malaysia.

  • Three Asia countries (Indonesia, India, and Philippines) made the top 10 for Android malware detections globally, accounting for more than 15% of Android malware detections in total.
  • The high prevalence of Android malware detections in these countries can be attributed to the extensive use of relatively unsecured third-party app stores amongst consumers.

Risky online banking

The Philippines and Thailand accounted for a disproportionately large amount of banking Trojan malware detections. The two countries combined accounted for more than 20% of global banking Trojan detections. The Philippines in particular boasted nearly twice as many detections as the second-ranked country, Thailand.

Malware distribution

In examining malware distribution over the years, we have observed only one stable truth of malware development: distribution through email. Phishing attacks, including malicious attachments, had a big comeback in the second half of 2016. However, we predict that exploit kits (RIG specifically) are likely to become the standard for malware distribution again in the very near future.

We will not see malicious phishing attacks disappear. Due to the new developments in the download and installation of malware originating from phishing emails, as well as the use of macro scripts in Microsoft Office documents, this method of attack will continue at steady levels throughout the rest of the year, likely with increased sophistication

Hurmuses said, “Whilst our findings illustrate that in general, Asia is not the top continent for cybercriminal attack, we see that the emerging markets in Asia are generally more vulnerable to malware. However, it is likely that as developed markets in Europe and the US begin to take cyber security more seriously we will see cyber criminals looking for new targets amongst Asia Pacific’s developed economies.  As now we have a footprint in Asia, we are excited to be able to go faster and further in supporting all consumers and businesses in the region, helping them better protect their online activities. At Malwarebytes, we believe strongly that everyone deserves a malware free existence.”


About Malwarebytes

Malwarebytes is the next-gen cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware, and exploits that escape detection by traditional antivirus solutions. The company’s flagship product combines advanced heuristic threat detection with signature-less technologies to detect and stop a cyberattack before damage occurs. More than 10,000 businesses worldwide use, trust, and recommend Malwarebytes. Founded in 2008, the company is headquartered in California, with offices in Europe and Asia, and a global team of threat researchers and security experts. For more information, please visit us at

Malwarebytes founder and CEO Marcin Kleczynski started the company to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to an Ernst & Young Entrepreneur of the Year Award.


About The State of Malware Report

To view the full global State of Malware report for more detailed findings and analysis, visit

Malwarebytes continues to research and innovate solutions against the evolving threats faced by all, whether the computer use is at home or at work. Another recent Malwarebytes research report on ransomware documented late-2016 trends on this threat from more than 200 countries. These reports and analysis from Malwarebytes global telemetry feeds aids the company in developing solutions like Malwarebytes 3.0, a first of its kind. Employing four independent technology modules—anti-malware, anti-ransomware, anti-exploit and malicious website protection— Malwarebytes blocks and removes both known and unknown threats across the globe.

1 Please see appendix for full figures

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.