Windows: Malware samples exceeded 1 billion mark

Windows: Malware samples exceeded 1 billion mark

Share post

At the end of December 2022 and January 2023, the AV-TEST statistics tool AV-ATLAS registered more than 1 billion malware samples for Windows. However, the increase continues rapidly with 7 to 10 million new malware samples per month.

The number of more than 1 billion malware samples for Windows is staggering. The monthly growth figures are also absolutely frightening. As of the date of the article, the tool counted exactly 1.014.313.024 samples - again an increase of over 14 million. Just for comparison: With this number of malware samples, there is now statistically about 1 sample per Windows 10 user. Because according to experts, around 1 billion users are currently using the Windows 10 version. In addition, of course, there are a few hundred million users of other Windows versions.


Malware: From 10 million to 85 billion in 1 years

🔎 At the turn of the year 2022/2023, AV-ATLAS registered more than 1 billion malware copies for Windows (Image: AV-TEST).

Already at the beginning of 2013, the experts were shocked by more than 85 million pieces of malware for Windows. No one expected the monthly and annual growth figures to soar. Even more unbelievable is the fact that the laboratory experts from AV-TEST not only registered each of these pests in their mega database with all the important information, but also saved it as a file - with high security, of course.

Malware only - no PUAs

Some experts also count the "Potentially Unwanted Applications" - PUA for short - among the dangerous programs. However, since the experts are arguing at this point as to what is only undesirable or what is already harmful, all PUAs are listed separately in AV-ATLAS. If these programs were all counted as dangerous, then the database already knows 1,25 billion programs.


Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month

By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.


This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at:

Data processing

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

All malware samples have already been examined and cataloged by the experts. What had to be recorded manually in the first few days is now done almost automatically by internal scanners and virtual machines that work day and night AV-TEST CEO Maik Morgenstern found out.

Another important note: the use of the AV-ATLAS platform is possible for everyone - and free of charge. In addition to malware and PUA statistics, you will also find current information on the threat situation, the latest spam campaigns, dangerous URLs and current global attacks on IoT devices. While visitors only see a constantly updated section of the data, customers can run entire streams into their defense systems.


More at



AV-TEST GmbH is an independent provider of services in the field of IT security and anti-virus research with a focus on the identification and analysis of the latest malware and its use in comprehensive comparative tests. The fact that the test data is up-to-date enables the quick-response analysis of new malware, the early detection of virus trends, and the investigation and certification of IT security solutions. The results of the AV-TEST Institute represent an exclusive information base and serve manufacturers for product optimization, specialist magazines for the publication of results and end customers for orientation in product selection.

The company AV-TEST has been operating in Magdeburg since 2004 and employs more than 30 people with profound specialist and practical experience. The laboratories are equipped with 300 client and server systems in which more than 2.500 terabytes of self-determined test data of harmful and harmless information are stored and processed. Further information can be found at


Matching articles on the topic

Top malware in Q1-2023: Qbot, Formbook, Emotet

Check Point's Spring 2023 Global Threat Index shows that malware Qbot, Formbook, and Emotet am ➡ Read more

E-mail communication: end-to-end encrypted

E-mails are considered to be one of the most important forms of communication in the business environment. But only every second company uses end-to-end encryption methods such as PGP or ➡ Read more

Lazarus: New backdoor against targets in Europe 

The APT group Lazarus, known for many attacks, is also using a new backdoor malware against targets in Europe. The purposes ➡ Read more

Mobile Security Report: 2 new malware apps every minute 

Android smartphone owners are at high cyber risk. Mobile Security: Although the attacks are fewer, they are much better executed. ➡ Read more

Ransomware: HardBit 2.0 asks for cyber insurance

The HardBit 2.0 ransomware group asks the company for cyber insurance information after a successful attack. That's how the group wants theirs ➡ Read more

Cyber ​​attacks: automotive industry badly affected

A new study shows that the automotive industry and suppliers are particularly often affected by cyber incidents. Trend Micro has investigated the cyber attacks ➡ Read more

Mobile working worsens the cyber security situation

Lack of security awareness when working from home: In a survey* by SoSafe, 9 out of 10 respondents said the cybersecurity situation is getting worse ➡ Read more

2022: DDoS attacks increased and continue to increase 

Analysis of 2022 data shows malicious DDoS attacks increased by 150%.Radware released its 2022 Global Threat Analysis Report ➡ Read more