An analysis found that last year's chain of hacking incidents that hit domestic telecoms, card companies, and retailers served as a trigger for "intelligent phishing crimes" that went beyond massive leaks of personal information to precisely strike ordinary people's financial assets.
Artificial intelligence (AI) security company EverSpin said on the 26th that a close analysis of last year's data from its malicious app detection solution FakeFinder found that the year's large-scale data leaks completely changed the nature of phishing crimes.
According to the analysis, the total number of malicious app detections last year was 924,419, down about 11% from the previous year's 1.04 million. However, EverSpin assessed this not as a positive sign but as an "escalation of threats."
An EverSpin official said, "In the past, the main tactic was a 'quantitative offensive' that randomly induced app installations among an unspecified large number of people, but last year the crime pattern shifted rapidly to qualitative strikes that selected only those who couldn't help but be deceived, based on leaked information," adding, "That's because data such as real names, phone numbers, and detailed purchase histories obtained through hacking provided hackers with clear targeting and attack guidelines."
This trend shows up in the data by subtype. The "call interception" type, a traditional voice phishing method, fell 24.1% year over year (370,000 → 280,000 cases), and simple "impersonation apps" also dropped 30% (450,000 → 320,000). This shows that users are no longer easily fooled by calls like "This is the prosecution" or obvious institutional impersonations.
By contrast, malicious apps of the "personal information theft" type, which steal sensitive information on smartphones, surged 53% year over year (210,000 → 320,000 cases), emerging as the biggest threat.
EverSpin viewed this as an essential step to actually exploit leaked personal information in crimes. Because information obtained through hacking alone is not enough to get past financial companies' secondary authentication, attackers threw their full weight behind stealing personal information through malicious apps to secure more complete data such as "text verification codes" and "ID images."
In practice, attackers approached victims using detailed leaked order histories as bait, with requests such as "correct the delivery address error," and then got the app installed without arousing the victim's suspicion. Once installed, the malicious app was used not for call functions but to seize permissions for text messages, contacts, and photo albums to collect data that could bypass financial authentication.
An EverSpin official said, "The 2025 hacking turmoil was like a guideline that told hackers 'what kind of app to build to make crimes succeed,'" adding, "It was a year when 'information-stealing apps' designed to exfiltrate secondary core information based on first-tier data obtained through hacking ran rampant."