Malware Trends Q4 2025: Inside ANY.RUN’s Latest Threat Landscape Report
ID: 2d706f78-074e-5bcc-9383-5da7dd38fa35
STIX ID: report--2d706f78-074e-5bcc-9383-5da7dd38fa35
Feed Name: ANY.RUN's Cybersecurity Blog
ANY.RUN's Q4 2025 Malware Trends report provides an aggregated view of the threat landscape for the last quarter of 2025. It highlights persistent stealer activity (despite a decline), a pronounced surge in RATs and backdoors (notably XWorm, +174%), and growth in phishing/2FA-bypass kits (Tycoon, EvilProxy, Sneaky2FA). It also covers the top detected TTPs (e.g., Install Root Certificate T1553.004, Masquerading T1036.*, PowerShell/Command Shell execution) and reports millions of sandbox analyses with over one billion IOCs collected. Together, these findings underscore active, large-scale criminal operations and evolving attacker techniques rather than a single exploit or breach.
