Infostealers fuel banking fraud surge

by TINTSWALO BALOYI
JOHANNESBURG – A new report by Kaspersky has revealed a sharp shift in financial cybercrime, with more than one million online banking accounts compromised in 2025 as attackers increasingly abandon traditional malware in favour of credential theft and data exploitation.

The findings show that cybercriminals are moving away from conventional PC-based banking attacks, instead leveraging infostealer malware, social engineering tactics and dark web marketplaces to access sensitive financial data.

This transition reflects changing user behaviour, as more people rely on mobile devices for banking.

Despite evolving tactics, financial phishing remains widespread.

Fraudulent pages mimicking online shops accounted for 48.5% of attacks in 2025, a significant increase from the previous year.

Bank-related phishing declined to 26.1%, while payment system scams rose to 25.5%.

Analysts suggest criminals are targeting platforms that are easier to replicate and exploit.

Regional patterns highlight how attackers tailor campaigns to local digital habits.

In Africa, bank-focused phishing dominates, accounting for 53.75% of incidents, raising concerns about account security vulnerabilities.

In contrast, the Middle East is heavily targeted through e-commerce scams, while Europe and Asia-Pacific show more diversified attack strategies.

At the same time, mobile financial malware is on the rise, increasing by 1.5 times in 2025 compared to the previous year.

Meanwhile, attacks involving infostealers surged globally by 59%, enabling widespread harvesting of login credentials, banking details and cryptocurrency data.

According to Kaspersky’s Digital Footprint Intelligence, stolen credentials from over one million accounts linked to the world’s largest banks were circulated on the dark web.

Alarmingly, 74% of compromised payment cards identified in 2025 remained valid as of March 2026, meaning they could still be used for fraudulent transactions long after being stolen.

Polina Tretyak, a Digital Footprint Intelligence analyst at Kaspersky, said: “The dark web has become a central hub for financial cybercrime. Stolen credentials and bank cards that have been harvested by infostealers are aggregated, repackaged, and sold there, while phishing kits targeted at users of financial products are offered as ready-to-use services. This creates a self-sustaining ecosystem where data theft and fraud operations reinforce each other, making attacks scalable and easy to carry out by fraudsters with minimal experience. Breaking this cycle requires proactive threat intelligence on the part of organisations, and increased awareness and scrutiny from individual users.”

Experts warn that the growing sophistication and accessibility of these tools are lowering the barrier to entry for cybercriminals, making financial fraud more widespread and harder to contain.

Both individuals and businesses are urged to adopt stronger security practices, including multi-factor authentication, robust password management and continuous monitoring of potential threats, particularly on dark web platforms.

– CAJ News