In 2025, an average of 500,000 malicious files a day were detected worldwide. In particular, password-stealing malware and spyware surged, and analysts said cyberattack techniques targeting corporations and individuals are becoming more sophisticated.
Kaspersky on the 31st released the "2025 Kaspersky Security Bulletin (KSB)," analyzing key trends in cybersecurity. According to the report, the number of malicious files detected by Kaspersky's detection systems in 2025 averaged 500,000 a day, up 7% from the previous year.
By threat type, password-stealing malware rose 59%, spyware 51%, and backdoor detections 6%, respectively. With theft of account information and surveillance-style attacks expanding at the same time, methods of infiltrating corporations' networks are diversifying, analysts said. By operating system (OS), Windows environments remained the primary target. In 2025, 48% of Windows users were exposed to various cyber threats, compared with 29% of Mac users.
By attack vector, 27% of users were exposed to web-based threats, while 33% were exposed to local threats such as USBs and external storage devices. Kaspersky analyzed that "not only attacks via the web but also internally introduced threats remain major risks."
By region, password-stealing malware in the Asia-Pacific (APAC) region jumped 132%, the largest increase. In addition, most regions, including Latin America, Europe, Africa, and the Commonwealth of Independent States (CIS), recorded double-digit increases in spyware and backdoor detections.
Kaspersky advised individual users to refrain from installing apps and clicking links from unknown sources, use two-factor authentication (2FA), and manage strong passwords, while recommending that corporations implement enterprise-wide device patch management, minimize external exposure of RDP, and build security frameworks based on threat intelligence.
Alexander Liskin, head of threat research at Kaspersky, said, "Exploiting vulnerabilities remains the most preferred method of infiltrating corporations' networks, followed by the abuse of stolen account information," adding, "This has led to a sharp increase in password-stealing malware and spyware." He added, "Supply chain attacks targeting the open-source ecosystem are also continuing, and this year we confirmed a large-scale worm attack in the NPM ecosystem."
Lee Hyo-eun, head of Kaspersky's Korea office, said, "The detection of as many as 500,000 malicious files a day shows how high the current level of cyber threats has become," emphasizing, "Corporations must prepare for evolving threats such as account theft and spyware through advanced security solutions."