In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.

Securelist is a cybersecurity blog and research platform operated by Kaspersky Lab. It offers insights, analysis, and reports on cybersecurity threats, vulnerabilities, and malware campaigns. Developers can learn about emerging cyber threats, security best practices, and mitigation strategies to protect their applications and systems. Additionally, Securelist provides insights into cybersecurity trends, threat intelligence, and industry developments, offering resources for cybersecurity professionals.

Securelist

Kaspersky's 2025 financial threat report reveals a shift away from traditional PC banking malware toward infostealers and mobile banking trojans. Phishing campaigns increasingly target e-commerce and digital services (Netflix, Apple, Spotify) rather than banks, with strong regional variation. Infostealers surged 59% globally, with over one million banking accounts from the world's top 100 banks compromised and credentials freely shared on the dark web. Mobile banking malware grew 1.5x year-over-year. Brazilian malware families like Grandoreiro, Maverick, and GoPix remained active. The dark web economy around stolen credentials, payment cards, and full identity profiles ('fullz') continues to expand, with 74% of compromised cards still valid as of March 2026.

Kaspersky financial threat report 2025