Cybersecurity threats are evolving, with attackers increasingly focusing on stealing login credentials and exploiting previously compromised data, according to a new report from Kaspersky Digital Footprint Intelligence (DFI). This shift signals a move away from traditional malware towards more sophisticated social engineering tactics and dark web marketplaces.
Key Takeaways
- Over a million online banking accounts from the world’s top 100 banks had their credentials compromised and shared on the dark web in 2025.
- A significant portion of compromised payment cards remain valid for extended periods, allowing attackers to exploit them long after theft.
- Mobile financial malware is on the rise, while traditional PC banking malware usage is declining.
- Phishing campaigns are adapting to regional digital behaviours, with e-commerce lures dominating in the Middle East and bank-related phishing prevalent in Africa.
The Evolving Threat Landscape
Kaspersky’s findings reveal a significant trend: cybercriminals are increasingly targeting account credentials and leveraging data reuse. In 2025, over one million online banking accounts belonging to customers of the world’s 100 largest banks were compromised, with their login details appearing on the dark web. India, Spain, and Brazil reported the highest median number of compromised accounts per bank.
Furthermore, the report highlighted that a substantial number of payment cards compromised by infostealer malware in 2025 were still valid as of March 2026. This indicates that stolen card details can remain a viable threat for months, or even years, after the initial compromise.
Shift from PC to Mobile and Social Engineering
Attackers are moving away from traditional PC banking malware, a trend attributed to users increasingly managing their finances via mobile devices. While PC financial malware saw a decline in affected users, mobile banking malware attacks surged by 1.5 times in 2025 compared to the previous year.
Social engineering and dark web marketplaces are becoming the preferred tools for cybercriminals, supplanting older methods. Traditional financial phishing, however, remains a potent threat. E-shop impersonations dominated financial phishing pages in 2025, accounting for 48.5 percent of attacks, an increase of 10.3 percent from 2024. Bank-related phishing saw a decrease, while payment system phishing experienced a slight rise.
Regional Adaptations in Phishing
Cybercriminals are tailoring their campaigns to regional digital habits. In the Middle East, financial phishing is heavily concentrated on e-commerce (85.8 percent), reflecting a strong reliance on online retail. In contrast, bank-related phishing leads in Africa (53.75 percent), suggesting potential vulnerabilities in user account security in the region.
Recommendations for Users and Businesses
Kaspersky advises individual users to exercise caution by avoiding suspicious links, verifying web pages before entering sensitive information, and employing multi-factor authentication. Creating strong, unique passwords and storing them securely in a password manager is also recommended.
For businesses, Kaspersky suggests a thorough assessment of their entire infrastructure, prompt fixing of vulnerabilities, and seeking external expertise to identify hidden risks.
Sources
- Cyberthreats shifted toward credential theft, data reuse: Kaspersky – Technology, Business Recorder.
