Ransomware Victims Jump 45% in 2025 as Stolen Credentials Fuel Global Cybercrime Surge

 

A newly released cybercrime analysis has revealed a dramatic rise in ransomware activity during 2025, with the number of victims increasing by 45% compared to the previous year. However, cybersecurity experts say the bigger concern lies in the growing dependence on stolen credentials as the main entry point for cyberattacks.

According to the State of Cybercrime 2026 report published by KELA, researchers identified nearly 2.86 billion compromised credentials, including passwords and session cookies capable of bypassing two-factor authentication (2FA). More than 30% of the exposed data originated from business cloud platforms and authentication services throughout 2025.

The report also highlighted a sharp increase in malware infections targeting Apple users. “infections on macOS devices increased from fewer than 1,000 cases in 2024 to more than 70,000 in 2025, a 7,000% increase,” the report confirmed.

Cybersecurity researchers have repeatedly warned about the growing threat posed by infostealer malware. Despite multiple law enforcement crackdowns and investigations into cybercriminal groups operating stolen password databases, the threat landscape continues to worsen year after year.

KELA described infostealer malware as software “designed to exfiltrate sensitive data from compromised machines, including login credentials, authentication tokens, and other critical account information.” The report further noted that the rise of malware-as-a-service platforms has significantly lowered the barrier for cybercriminals, making these tools widely accessible.

Between January 1 and December 31, 2025, KELA stated that it “observed approximately 3.9 million unique machines infected with infostealer malware globally, which collectively yielded 347.5 million compromised credentials.” Across all monitored criminal marketplaces and leaked databases, the total number of compromised credentials tracked reached 2.86 billion.

The report identified several major attack methods commonly used by infostealer operators during 2025:
  • Email and messaging scams powered by AI-generated personalization, often bypassing MFA through Phishing-as-a-Service operations.
  • Social engineering tactics that trick users into manually running malicious scripts, known as “hack your own password” attacks.
  • Malicious advertisements and fake search engine results distributing trojanized software.
  • Supply chain attacks involving poisoned software packages and fake developer tools targeting privileged accounts.
  • Compromised browser extension updates enabling cookie theft and form-grabbing attacks.
  • Pirated applications and counterfeit software updates continuing to spread infections effectively.

Security experts recommend several preventive measures to reduce exposure to these attacks. Users are advised to keep operating systems and software updated only through official sources and avoid clicking links from unsolicited emails or messages, even if they appear legitimate.

Experts also stress the importance of using password managers to prevent password reuse across multiple accounts, limiting the damage caused by a single breach. Enabling two-factor authentication on all supported accounts remains essential, although attackers are increasingly using session-cookie theft to bypass MFA protections.

To strengthen account security further, cybersecurity professionals are encouraging users to adopt passkeys instead of traditional passwords wherever possible. Passkeys offer built-in phishing resistance, are randomly generated, and do not share private authentication keys during sign-ins, making them significantly harder for infostealer malware to compromise.
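
The passkey properties described above can be seen in a simplified challenge-response sketch. This is an added example, not taken from the KELA report or the original post: it uses Node.js's built-in crypto module with Ed25519, omits the real WebAuthn message format, and the function names and `.test` origins are constructed for illustration.

```javascript
// Added illustration: simplified passkey-style sign-in, not the full WebAuthn format.
const nodeCrypto = require("node:crypto");

// Registration: the key pair is created on the device; the site stores only the public key.
function registerPasskey(origin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return {
    authenticator: { privateKey },                            // never leaves the device
    serverRecord: { origin, publicKey, pending: new Set() },  // what the site keeps
  };
}

// Site: issue a fresh, single-use random challenge for every sign-in attempt.
function newChallenge(serverRecord) {
  const challenge = nodeCrypto.randomBytes(32).toString("hex");
  serverRecord.pending.add(challenge);
  return challenge;
}

// Device: sign the challenge together with the origin the browser is actually on.
function signAssertion(authenticator, challenge, seenOrigin) {
  const clientData = JSON.stringify({ challenge, origin: seenOrigin });
  const signature = nodeCrypto.sign(null, Buffer.from(clientData), authenticator.privateKey);
  return { clientData, signature }; // only these two values are sent to the site
}

// Site: check the origin, consume the challenge, then verify the signature.
function verifyAssertion(serverRecord, assertion) {
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return "malformed"; }
  if (!data || data.origin !== serverRecord.origin) return "wrong-origin";
  if (!serverRecord.pending.delete(data.challenge)) return "unknown-or-replayed-challenge";
  const ok = nodeCrypto.verify(null, Buffer.from(assertion.clientData),
    serverRecord.publicKey, assertion.signature);
  return ok ? "ok" : "bad-signature";
}

// Constructed demo values (origins are placeholders).
const SITE = "https://login.example.test";
const reg = registerPasskey(SITE);
const first = signAssertion(reg.authenticator, newChallenge(reg.serverRecord), SITE);
console.log(verifyAssertion(reg.serverRecord, first)); // genuine sign-in
console.log(verifyAssertion(reg.serverRecord, first)); // same assertion captured and resent
const lookalike = signAssertion(reg.authenticator, newChallenge(reg.serverRecord), "https://login.examp1e.test");
console.log(verifyAssertion(reg.serverRecord, lookalike)); // signed on a lookalike origin
```

Unlike a password or a session cookie, nothing sent in this exchange can be reused later: the signature is bound to one challenge and one origin, and the private key never appears in any message.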