More than one million online banking accounts were compromised in 2025 as cybercriminals shifted tactics toward stealing login credentials and reusing stolen data, according to a new report from Kaspersky. The report shows attackers are moving away from traditional banking malware on computers and instead relying on social engineering schemes and dark web marketplaces, while threats targeting mobile devices continue to rise.
Financial phishing remains a major threat, with fake online shopping websites making up nearly half of all phishing attacks last year. Bank-related phishing declined, suggesting that criminals are finding it harder to imitate banking platforms and are turning to easier targets such as e-commerce and payment systems. Attack patterns also vary by region, with online shopping scams dominating in the Middle East, bank-focused phishing more common in Africa, and a more balanced mix seen in Latin America, Asia-Pacific, and Europe.
At the same time, attacks using traditional PC banking malware continued to decline as more people manage their finances on smartphones. However, mobile financial malware increased significantly, growing by about 1.5 times compared to the previous year.
Infostealer malware has become a key tool for cybercriminals. These programs collect sensitive data such as login credentials, bank card details, and cryptocurrency wallet information, which are then used for fraud or sold online. The report found a sharp rise in such activity, particularly in the Asia-Pacific region. Data from Kaspersky indicates that credentials from over one million accounts at the world’s largest banks were circulating on the dark web in 2025, with India, Spain, and Brazil among the most affected countries.
The report also revealed that most stolen payment card data remains usable long after being leaked. As of March 2026, nearly three-quarters of compromised cards identified in 2025 were still valid, allowing criminals to continue using them months or even years later.
Experts warn that the dark web has become a central marketplace for financial cybercrime, where stolen data and ready-made phishing tools are bought and sold, making it easier for even inexperienced attackers to carry out fraud. They stress that stronger security measures, better monitoring, and increased user awareness are needed to reduce the risk.
