Kaspersky's Q1 2026 threat report covers desktop (Windows/macOS) and IoT malware statistics. Key highlights: 343 million online attacks blocked, 77,319 users hit by ransomware (2,938 new variants detected), and 260,588 users targeted by miners. Clop ransomware returned to the top of DLS rankings at 14.42%, displacing Qilin. Law enforcement actions included FBI seizure of the RAMP cybercrime forum, arrests tied to Phobos group, and sentencing of a Yanluowang-linked access broker. On macOS, notable threats included a cryptocurrency theft campaign, the Coruna iOS/macOS exploit kit (linked to Operation Triangulation), and a supply chain attack via the Axios npm package. IoT honeypots saw a significant rise in SSH-based attacks, with the US, Netherlands, and Germany as top sources. Mirai botnet variants dominated IoT threats, with a new variant Mirai.kl emerging.
Table of contents
Quarterly figuresRansomwareMinersAttacks on macOSIoT threat statisticsAttacks via web resourcesLocal threatsSort: