Security through the Eyes of AI: How Visualization is Shaping Malware Detection

📅 2025-05-12
🤖 AI Summary
The rapid proliferation of malware variants and increasingly sophisticated attack techniques have led to low detection efficiency and poor interpretability in existing malware analysis systems. Method: This paper systematically reviews over 100 visualization-driven malware detection studies and proposes the first unified visual analytics framework covering static, dynamic, and network traffic analysis phases. It introduces a novel end-to-end visualization-based detection taxonomy and, for the first time, characterizes cross-platform (desktop, mobile, IoT, distributed systems) detection paradigms and bottlenecks from a technical composition perspective. The framework integrates image-based feature encoding (grayscale images, heatmaps, spectrograms), deep learning models (CNNs/ViTs), explainability techniques (Grad-CAM, t-SNE), and PCAP-to-image network traffic representation. Contribution/Results: We comprehensively map the technical pathways and applicability boundaries of 100+ methods, identifying three critical challenges: scalability, cross-platform generalizability, and human-AI collaborative interpretability—establishing theoretical principles and evolutionary guidelines for AI-powered security visualization systems.

📝 Abstract
Malware, a persistent cybersecurity threat, increasingly targets interconnected digital systems such as desktop, mobile, and IoT platforms through sophisticated attack vectors. By exploiting these vulnerabilities, attackers compromise the integrity and resilience of modern digital ecosystems. To address this risk, security experts actively employ Machine Learning or Deep Learning-based strategies, integrating static, dynamic, or hybrid approaches to categorize malware instances. Despite their advantages, these methods have inherent drawbacks and malware variants persistently evolve with increased sophistication, necessitating advancements in detection strategies. Visualization-based techniques are emerging as scalable and interpretable solutions for detecting and understanding malicious behaviors across diverse platforms including desktop, mobile, IoT, and distributed systems as well as through analysis of network packet capture files. In this comprehensive survey of more than 100 high-quality research articles, we evaluate existing visualization-based approaches applied to malware detection and classification. As a first contribution, we propose a new all-encompassing framework to study the landscape of visualization-based malware detection techniques. Within this framework, we systematically analyze state-of-the-art approaches across the critical stages of the malware detection pipeline. By analyzing not only the single techniques but also how they are combined to produce the final solution, we shed light on the main challenges in visualization-based approaches and provide insights into the advancements and potential future directions in this critical field.
Problem

Research questions and friction points this paper is trying to address.

Detecting evolving malware threats across diverse digital platforms
Improving interpretability and scalability in malware detection methods
Evaluating and advancing visualization-based malware detection techniques
Innovation

Methods, ideas, or system contributions that make the work stand out.

Visualization-based techniques for malware detection
New framework for analyzing detection methods
Systematic review of 100+ research articles
A. AsmithaK.
Department of Computer Applications, Cochin University of Science and Technology, Kochi, India
Matteo Brosolo
Università di Padova
Cybersecurity, Malware Analysis, Reverse Engineering, Malware Visualization, Privacy
Serena Nicolazzo
Università del Piemonte Orientale
Security, Privacy, IoT, Cyber Threat Intelligence
Antonino Nocera
Associate Professor, University of Pavia
Artificial Intelligence, Security, Privacy, Data Science
P. Vinod
Department of Computer Applications, Cochin University of Science and Technology, Kochi, India
A. RafidhaRehimanK.
Department of Computer Applications, Cochin University of Science and Technology, Kochi, India
P MuhammedShafiK.
Department of Computer Applications, Cochin University of Science and Technology, Kochi, India