Kaspersky: Financial Cyber Threats Surged 15% in 2025
Kaspersky reports a 15% year-over-year increase in financial cyber threats in 2025, with infostealers and phishing dominating. Android banking malware rose 20% in Latin America.

Executive Summary
Kaspersky's 2025 financial threat report documents a 15% year-over-year increase in cyber attacks targeting financial institutions and their customers, according to telemetry from its security products. The report, published April 25, 2026, attributes the rise primarily to a surge in infostealer malware and increasingly sophisticated phishing campaigns. Android banking malware saw a 20% increase in Latin America, the region with the highest concentration of such threats.
Technical Analysis
Kaspersky's data, drawn from opt-in telemetry across its user base, shows that infostealers accounted for the largest share of financial malware detections in 2025, displacing traditional banking Trojans in many regions. The researchers observed a shift toward modular malware families that can harvest credentials, session cookies, and cryptocurrency wallet data in a single infection. Phishing pages targeting financial services grew in volume and fidelity, with attackers increasingly using reverse-proxy frameworks to bypass multi-factor authentication in real time.
Regionally, Latin America remained the most targeted area for Android banking malware, with a 20% increase in detections compared to 2024. Kaspersky notes that the region's high mobile banking adoption and fragmented security update cycles create a fertile environment for these threats. In Europe and North America, desktop infostealers targeting corporate credentials and cryptocurrency wallets dominated the threat landscape.
The report also highlights a rise in targeted attacks against financial APIs and payment infrastructure, though it does not attribute these to specific threat actors. Kaspersky's researchers caution that the data may undercount incidents in regions with lower telemetry coverage, such as parts of Africa and Southeast Asia.
Mitigations & Recommendations
Defenders in the financial sector should prioritize endpoint detection rules for infostealer behavior, particularly credential theft and session hijacking. Organizations should enforce phishing-resistant multi-factor authentication (e.g., FIDO2/WebAuthn) for all customer-facing and internal financial systems. For mobile banking applications, regular security audits and runtime application self-protection (RASP) can help detect Android banking malware. Kaspersky recommends that financial institutions share threat intelligence with regional CERTs and participate in sector-specific ISACs to improve collective defense.
