Financial cyberthreats in 2025 saw a continued shift away from traditional PC banking malware, with infostealers driving credential theft and a growing emphasis on data aggregation and reuse, according to the Securelist analysis of anonymised and dark web data from KSN and other sources.
Phishing moved further towards online shopping and digital services, with global shares of top categories dominated by online stores (48.45%), banks (26.05%), and payment systems (25.50%), while regional patterns showed strong localised targeting. Banking malware declined in prevalence on PCs, but mobile banking malware grew, and infostealers emerged as a central force, enabling large‑scale fraud and facilitating access to credentials, cookies and autofill data.
In 2025, Grandoreiro and other Brazilian families such as Coyote and Maverick continued to operate, with GoPix targeting Pix and related methods, and Pure Trojan appearing in EDM‑style fraud campaigns. Global fraud activity surged to 1,338,357 banking Trojan attacks on Windows between November 2024 and October 2025.
Dark web data showed that credentials for over one million online banking accounts, not tied to Kaspersky users, had been stolen, while 74% of payment cards compromised by infostealers remained valid as of March 2026. Looking ahead to 2026, the report emphasises the need for identity protection and real‑time threat intelligence as data‑driven and automated attacks proliferate.