More than one million online banking accounts were compromised in 2025 as cybercriminals increasingly turned to credential theft and data reuse, according to a new report by Kaspersky. The findings highlight a significant shift in financial cyberthreats, with attackers abandoning traditional malware in favor of social engineering tactics and dark web marketplaces.
The report reveals that infostealer malware, designed to harvest sensitive user data, has become a central tool in modern financial crime. These programs extract login credentials, banking details, cookies, and even cryptocurrency wallet information from both computers and mobile devices. The stolen data is then sold or reused, enabling account takeovers and fraudulent transactions.
According to Kaspersky’s Digital Footprint Intelligence, credentials linked to over one million accounts across the world’s 100 largest banks are now circulating on the dark web. Countries such as India, Spain, and Brazil recorded the highest median number of compromised accounts per bank. Alarmingly, 74% of payment cards exposed through infostealer activity in 2025 remained valid as of March 2026, leaving users vulnerable to ongoing exploitation.
While financial phishing remains a persistent threat, its tactics are evolving. In 2025, nearly half (48.5%) of phishing attacks impersonated e-commerce platforms, a sharp increase from the previous year. In contrast, banking-related phishing declined by 26.1%, while scams targeting payment systems rose to 25.5%, up 6.2% from 2024.
This shift suggests that as banks strengthen their security systems, cybercriminals are pivoting to less-protected entry points such as online retail platforms to gain access to financial data.
Regional patterns also highlight how attackers tailor their methods. In the Middle East, e-commerce phishing dominates, accounting for 85.8% of attacks. In Africa, however, bank-related phishing leads at 53.75%, indicating gaps in account security. Meanwhile, regions such as Latin America, Asia-Pacific, and Europe show a more balanced distribution of phishing tactics.
The report also notes a decline in traditional PC banking malware, reflecting a broader shift toward mobile-first financial habits. Mobile banking malware attacks surged by 1.5 times in 2025 compared to the previous year, signaling that handheld devices are becoming the new frontline in financial cybercrime.
At the same time, infostealer detections rose sharply, up 59% globally, including 53% in Africa and 26% in the Middle East—further fueling credential-based attacks.
A Growing Cybercrime Ecosystem
“The dark web has become a central hub for financial cybercrime,” said Polina Tretyak, an analyst at Kaspersky Digital Footprint Intelligence. She noted that stolen credentials and bank card details are “aggregated, repackaged, and sold,” while phishing kits are offered as ready-to-use tools, making cybercrime more accessible and scalable.
Experts warn that this interconnected ecosystem allows even low-skilled attackers to launch sophisticated fraud campaigns, amplifying the scale and impact of attacks.
Individuals are advised to remain vigilant by avoiding suspicious links, verifying websites before entering sensitive information, and enabling multi-factor authentication. Using strong, unique passwords and storing them securely in password managers can also reduce risk.
For businesses, the report recommends conducting comprehensive security assessments, addressing vulnerabilities, and deploying integrated threat detection systems. Continuous monitoring of dark web activity is also crucial to identifying emerging threats and preventing data breaches.
As cybercriminals continue to evolve their tactics, both individuals and organizations face growing pressure to stay ahead of an increasingly complex and persistent threat landscape.
Mark your calendars! The GreenShift Sustainability Forum is back in Nairobi this August. Join innovators, policymakers & sustainability leaders for a breakfast forum as we explore sustainable solutions shaping the continent’s future. Limited slots – Get your early bird tickets now – here. Email info@techtrendsmedia.co.ke for partnership requests.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent and across the world.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
