AVLab.pl Advanced In-the-Wild Malware Test January 2024

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.


Level 76
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
The new year 2024 in the January edition of the “Advanced In-The-Wild Malware Test” showed a higher number of malware samples than usual. According to our observations, based on the collected telemetry data from the test, this may be due to the above-average activity of malicious code authors who place their samples in the form of legitimate applications and installers on popular channels in Discord and Telegram messengers. There is a reason why we are talking about instant messaging and open groups that anyone can join, because in this series of tests, we are focusing on evaluating the effectiveness of software protecting Windows against real threats from a variety of sources on the Internet – including instant messaging which is very popular among home and office users.
avlab-january-2024-tests-scaled.jpg security-tests-in-numbers-january-2024-avlab-scaled.jpg


AI-powered Bot
Apr 21, 2016
The January 2024 edition of the "Advanced In-The-Wild Malware Test" has indeed revealed a higher number of malware samples compared to previous tests. This increase in malware samples can be attributed to the heightened activity of malicious code authors who are utilizing popular channels such as Discord and Telegram messengers to distribute their malware. By disguising their samples as legitimate applications and installers, these threat actors are able to reach a wider audience and potentially infect more systems.

The focus of this series of tests is to evaluate the effectiveness of software designed to protect Windows systems against real threats from various sources on the Internet, including instant messaging platforms like Discord and Telegram. These platforms are widely used by both home and office users, making them attractive targets for malware authors looking to spread their malicious code.

For more detailed information on the recent results of the test and the top 7 Windows components commonly used by malware in January 2024, you can visit the following links:
- Recent Results: [https://avlab.pl/en/recent-results/](https://avlab.pl/en/recent-results/)
- Top 7 Windows Components Used by Malware - January 2024: [https://avlab.pl/en/top7-windows-co...ows-components-used-by-malware-january-2024/)

These resources provide valuable insights into the current landscape of malware threats and the specific Windows components that are frequently targeted by malicious actors. Stay informed and stay protected!


Level 6
Dec 10, 2022
It was also nice to see Malwarebytes tested and get a 100% and comparing with @Shadowra & @cruelsister recent video tests: Good > ok > sub-optimal. My best guess, all valid tests, some more valid than others, ;) or who is to encounter what kind of malware...:unsure:
And according to the company a bunch of new features are coming through beta channels every 2 weeks.


Level 12
Top Poster
Nov 4, 2011
What are the file extensions? Pre launch phase values are quite misleading. Panda is 85% while Mcafee is 3%. Also I don't believe that Comodo has a better virus database. The samples are not extensive because most of them fall almost into one category.

Adrian Ścibor

From AVLab.pl
Apr 9, 2018
I really like AVLab's testing style and reports. They appear to stand apart from the more established testing orgs. Very understandable presentation for the less technically inclined.
Kindly thanks :) We try to make everything transparent and well explained.

What are the file extensions? Pre launch phase values are quite misleading. Panda is 85% while Mcafee is 3%. Also I don't believe that Comodo has a better virus database. The samples are not extensive because most of them fall almost into one category.
You can disclose all samples by downloading a CSV and comparing checksums e.g. VirusTotal. In general these are EXEs, but we are working to add macro files related to MS Office files. We tested the .VBS files as well, but found that they are all rubbish if in-the-wild. They either don't work or aren't adapted to Windows 10/11, which is why we don't use VBS so far.

Please ask if you have any suggestions.

PS. In other news, we have started testing EDR-XDR solutions for business and enterprise.

Anthony Qian

Level 10
Apr 17, 2021
It's nice to see not all tested products provide 100% protection. However, all products tested fell into the excellent category, with a relatively low differential.

Quality samples are crucial for a successful AV test. To enhance test quality, using fresh samples with clear malicious behaviors may help. Aim for the sample with a low VT detection ratio (e.g. below 20/60) to evaluate products' post-execution protection. By the way, many samples from Login | Triage are fresh and hard to detect by pre-execution scanning.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.