Cyberthreats shifted toward credential theft, data reuse: Kaspersky

ISLAMABAD: Financial cyberthreats have been shifted toward credential theft and data reuse including stealing of account holders credentials, according to Kaspersky Digital Footprint Intelligence (DFI) report released on Wednesday.

The report revealed that over one million online banking accounts served by the world’s 100 largest banks fell victim to infostealers: credentials for these accounts were being freely shared on the dark web during 2025. The countries with the highest median number of compromised accounts per bank were India, Spain, and Brazil.

Around 74 of payment cards that were compromised by infostealer malware, published on dark web resources and identified by Kaspersky DFI team in 2025, remained valid as of March 2026. This means that attackers could still use cards that had been stolen months or even years prior.

Attackers are moving away from traditional PC banking malware and increasingly relying on social engineering and dark web marketplaces, while mobile financial malware continues to grow.

In 2025, the decline in users affected by financial PC malware continued as users increasingly rely on mobile devices to manage their finances. Contrary to PC banking malware, mobile banker attacks grew by 1.5 times in 2025 compared to the previous year.

Traditional financial phishing has not gone away. Pages that mimicked e-shops dominated the financial phishing landscape with 48.5 percent in 2025, up 10.3 percent from 2024, followed by banks with 26.1 percent in 2025, down by 16.5 percent from 2024 and payment systems with 25.5 percent share in 2025, up by 6.2 percent from 2024.

Attackers are adapting campaigns to regional digital habits. In the Middle East, financial phishing is overwhelmingly concentrated on e-commerce with 85.8 percent, indicating a heavy reliance on online retail lures, whereas in Africa bank-related phishing leads with 53.75 percent which may indicate that user account security there is still insufficient.

Kaspersky recommended that individual users should not follow links from suspicious messages and double-check web pages before entering your credentials or banking card details. Use multifactor authentication where possible, create strong unique passwords and safely store them in a password manager.

Kaspersky recommended that businesses should assess the entire infrastructure, fix vulnerabilities, and consider external specialists for fresh perspectives that reveal concealed risks, the report added.

Copyright Business Recorder, 2026