Financial Cyberthreats 2025: Infostealers Rise

Credential theft via infostealers exploded in 2025, sidelining traditional banking malware. Attackers got smarter, cheaper—now they're trading full identities on the dark web at scale.


Key Takeaways

  • Infostealers overtook banking malware as the top financial threat driver in 2025.
  • Phishing pivoted to e-commerce and games, with stark regional variations.
  • 2026 outlook: AI-enhanced credential fraud set to explode unless defenses adapt.

E-commerce phishing snagged 14.17% of financial attacks in 2025—double the bite on bank lures from just a year prior.

That’s Kaspersky’s Security Network talking, sifting through anonymized data from millions of devices. And here’s the kicker: while PC banking malware faded into the background, infostealers roared ahead, turning stolen creds into a dark web bazaar. Attackers aren’t sweating new code anymore—they’re aggregating, reusing, cashing in.

Look, this shift screams efficiency. Why build fancy Trojans when a $10 infostealer dump hands you logins for Chase, Steam, and Shopify? It’s market dynamics at work: low barrier to entry, high ROI.

Phishing’s New Playground: Games and Shops Over Banks

Phishers got picky in 2025. Digital services led at 16.15%, online games close behind at 14.58%. Banks? Slipping.

Phishing activity in 2025 shifted toward e-commerce (14.17%) and digital services (16.15%), with attackers increasingly tailoring campaigns to regional trends and user behavior.

That’s straight from the report—social engineering leveled up, mimicking brands users obsess over. Impulse buys in games, quick logins for deals. Attackers nailed it.

But regionally? Chaos. Middle East: online stores dominate, 48.45% globally but way higher there. CIS kids gaming? Phishers pounce on Telegram and Steam. APAC splits games and banks. Africa clings to financials—security gaps glaring. LATAM? Delivery scams ride e-commerce waves. Europe? Balanced buffet.

It’s adaptive predation. Attackers mirror habits like pros. Ignore this at your peril.

Financial PC malware? Down in prevalence. Veterans like old Trojans limp on, but fraud’s indirect now—steal creds, hit later. Mobile malware, though? That’s surging—check Kaspersky’s mobile deep-dive for the ugly stats.

Infostealers. The real stars. They’re the engine, pumping creds, cards, full profiles to dark web markets. Scale? Massive. Fraud ops run 24/7 on this fuel.

Why Infostealers Crushed Traditional Malware

Cost. Speed. Reuse.

Developing banking Trojans demands coders, testing, evasion tricks—expensive circus. Infostealers? Grab ‘em off forums, deploy en masse. One infection yields browser data, cookies, passwords. Aggregate across millions? Jackpot.

Dark web prices tell the tale: $1-5 per cred pack, identities fetch $50+. Volume wins.

My take—and this ain’t in the original—it’s the 2010s malware arms race redux, but flipped. Back then, antivirus crushed volume attacks; now, endpoint detection chases creds in the cloud. Attackers win by going upstream, hitting the human factor. Bold call: by 2026, we’ll see AI stitching stolen profiles into hyper-personalized scams—your bank’s app, but with your face.

Defenders? You’re late if you’re still patching binaries. Credential hygiene—passkeys, MFA everywhere—that’s the moat. Kaspersky’s data screams it.

PC banking threats persist, sure. But the pivot to mobile and creds? Undeniable. Global users blocked thousands of scam pages daily, per KSN.

Regional Fault Lines: Where Phishing Bites Hardest

Middle East fixates on stores—trust in brands runs deep, security lags.

CIS: Games and messengers. Young users, loose habits.

Africa’s bank-heavy—explains the lower institutional defenses. Brutal truth.

LATAM delivery phish? Boom times for logistics fraud.

APAC hedges bets. Europe diversifies.

These aren’t random. Attackers run A/B tests on regions, double down on winners. Your locale dictates the lure.

And the outlook? 2026 ramps up. Mobile malware climbs, infostealers evolve with AI obfuscation. Aggregation hits new highs—cross-site fraud, account takeovers at warp speed.

Here’s the thing: corporate spin calls this ‘evolution.’ Nah. It’s attackers outpacing defenses, plain. Banks tout AI guards? Cute—until a $2 infostealer breaches the human link.

Prediction time. Expect 30%+ jump in identity fraud claims by Q2 2026. Data brokers, meet dark web aggregators. Messy merger ahead.

Users, wake up. Check your digital footprint. Tools like Kaspersky block the obvious, but hygiene rules.

Financial firms? Ditch siloed security. Monitor dark web dumps, enforce zero-trust creds. Or bleed.

Will 2026 Be Worse for Financial Security?

Yes. Unless…

Infostealer hauls grow fatter—more devices, better stealth. Phishing matures, blending AI deepfakes with regional tweaks. Mobile’s the beachhead; desktops secondary.

But flip it: defenses harden. Passkeys proliferate, biometrics bite back. If banks mandate them, fraud dips 40%—my back-of-envelope from prior shifts.

Kaspersky’s crystal ball? Continued evolution. Traditional malware wanes; credential ops dominate.

Smart money bets on hybrid threats—infostealer + phishing chains.

Why Does This Matter for Your Wallet?

Daily risk.

One phish link, bye-bye savings. Stolen creds enable mules, laundering, takeovers. Dark web turns petty theft into empires.

Institutions? Billions lost. Regulators circle—fines loom for lax creds.

Pivot now. It’s not hype; it’s math.



Frequently Asked Questions

What are infostealers and how do they target finance?

Infostealers are malware snatching browser data, passwords, cards—fueling financial fraud by selling creds on dark web markets.

How has financial phishing changed in 2025?

Shifted from banks to e-commerce (14.17%), games (14.58%), services—more targeted, regional.

Is banking malware dead in 2026?

PC side declining, but mobile’s rising fast—creds still king over complex Trojans.

Written by Elena Vasquez

Senior editor and generalist covering the biggest stories with a sharp, skeptical eye.


Originally reported by Securelist Kaspersky
