Evasion-first malware is slipping past signature-based defenses, demanding adaptive, behavior-led, multilayered security
Dubai, United Arab Emirates – August7, 2025 – OPSWAT, a global leader in critical infrastructure protection, has released its first-ever Threat Landscape Report, revealing key insights from over 890,000 sandbox scans in the last 12 months.
Jan Miller, Chief Technology Officer of Threat Analysis at OPSWAT
This report offers a unique lens into the evolving nature of cyberthreats. The findings are clear: traditional detection methods are being outpaced, with a 127% rise in malware complexity and a staggering 1 in 14 files—initially deemed ‘safe’ by legacy systems—proven to be malicious. This report is a call to action for industries relying on outdated defenses and the importance of multi-layered solutions.
Key Findings:
127% Increase in Malware Complexity
Behavioral telemetry revealed a 127% rise in multi-stage malware complexity over the past year. OPSWAT’s sandbox uncovered layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse, not flood, which is why OPSWAT’s pipeline is purpose-built to unpack that complexity.
Proactive Threat Detection
OPSWAT analysis reclassified 7.3% of files that were silent across open-source intelligence (OSINT) feeds as malicious, on average 24 hours earlier than public data sources. These were confirmed executions, not speculative flags, highlighting how adaptive analysis can close dangerous gaps left by static and reputation-based systems.
Campaign-Level Threat Correlation
With 890,000+ sandbox scans, OPSWAT connects the dots across threats. It identifies shared TTPs, reused C2 infrastructure, and behavioral patterns across campaigns. This provides defenders with context-rich, actionable intelligence instead of noisy indicators.
99.97% Detection Accuracy
OPSWAT’s behavioral and machine learning pipeline delivers results. Aided by a newly enhanced PE emulator, the platform identified sophisticated threats such as:
- Clipboard hijacking via ClickFix
- Steganography-wrapped loaders
- C2 channels embedded in Google services
- .NET Bitmap malware loaders delivering Snake Keylogger payloads
“Our strength lies in precision, behavioral depth, and early visibility into emerging attacks,” said Jan Miller, Chief Technology Officer of Threat Analysis at OPSWAT. “That’s what sets OPSWAT apart in delivering high-fidelity, context-aware threat intelligence.”
Why It Matters
As critical infrastructure, government systems, and enterprise networks face growing targeting from increasingly modular and evasive malware, the findings of this report spotlight the evolving adversary playbook and the need for integrated, multilayered solutions.
Cybersecurity leaders must now prioritize adaptability, shared intelligence, reassessing technology, and fast behavioral detection pipelines to protect systems from known threats, but also to keep pace with a rapidly evolving threat landscape and whatever is on the horizon.
Filescan.io, part of the OPSWAT MetaDefender Platform, powers advanced threat detection and file analysis across critical environments. Download the full report and learn more about OPSWAT’s integrated pipeline at Filescan.io.
– ENDS –
About OPSWAT
Since 2002, OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a “Trust no file. Trust no device.™” philosophy, OPSWAT solves customers’ challenges around the world with solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world’s critical infrastructure and helps secure our way of life; visit www.opswat.com.
Possible disclaimer to modify and add regarding data source:
Data used in this report is sourced from Filescan.io, part of the OPSWAT MetaDefender Platform. Filescan.io provides advanced threat detection and file analysis across critical infrastructure environments. Data analyzed in this report is derived from community-shared samples and adheres to Filescan.io’sPrivacy Policy and Terms of Use. To the best of our knowledge, the data does not include materials in violation of privacy, licensing, or ownership rights.