{"id":2354,"date":"2026-04-08T09:05:10","date_gmt":"2026-04-08T09:05:10","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/"},"modified":"2026-04-08T09:05:10","modified_gmt":"2026-04-08T09:05:10","slug":"financial-cyberthreats-in-2025-and-the-outlook-for-2026","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/","title":{"rendered":"Financial cyberthreats in 2025 and the outlook for 2026"},"content":{"rendered":"<div>\n<p><img width=\"990\" height=\"400\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg\" class=\"attachment-securelist-huge-promo size-securelist-huge-promo wp-post-image\" alt=\"\" decoding=\"async\" loading=\"lazy\"><\/p>\n<p>In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than developing entirely new malware capabilities.<\/p>\n<p>To describe the financial threat landscape in 2025, we analyzed anonymized data on malicious activities detected on the devices of Kaspersky security product users and consensually provided to us through the Kaspersky Security Network (KSN), along with publicly available data and data on the dark web.<\/p>\n<p>We analyzed the data for<\/p>\n<ul>\n<li>financial phishing,<\/li>\n<li>banking malware,<\/li>\n<li>infostealers and the dark web.<\/li>\n<\/ul>\n<h2 id=\"key-findings\">Key findings<\/h2>\n<p><strong>Phishing<\/strong><\/p>\n<p>Phishing activity in 2025 shifted toward e-commerce (14.17%) and digital services (16.15%), with attackers increasingly tailoring campaigns to regional trends and user behavior, making social engineering more targeted despite reduced focus on traditional banking lures.<\/p>\n<p><strong>Banking malware<\/strong><\/p>\n<p>Financial PC malware declined in prevalence but remained a persistent threat, with established families continuing to operate, while attackers increasingly prioritize credential access and indirect fraud over deploying complex banking Trojans. To the contrary, mobile banking malware continues growing, as we wrote in detail in our <a href=\"https:\/\/securelist.com\/mobile-threat-report-2025\/119076\/#mobile-banking-trojans\" target=\"_blank\" rel=\"noopener\">mobile malware report<\/a>.<\/p>\n<p><strong>Infostealers and the dark web<\/strong><\/p>\n<p>Infostealers became a central driver of financial cybercrime, fueling a growing dark web economy where stolen credentials, payment data, and full identity profiles are traded at scale, enabling widespread and destructive fraud operations.<\/p>\n<h2 id=\"financial-phishing\">Financial phishing<\/h2>\n<p>In 2025, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations. Attackers leveraged increasingly convincing social engineering techniques and brand impersonation to exploit user trust. Rather than relying solely on volume, campaigns showed greater targeting and contextual adaptation, reflecting a maturation of phishing operations.<\/p>\n<p>The distribution of top phishing categories in 2025 shows a clear shift toward digital platforms that aggregate multiple user activities, with web services (16.15%), online games (14.58%), and online stores (14.17%) leading globally. Compared to 2024, the rise of online games and the decline of social networks and banks indicate that attackers are increasingly targeting environments where users are more likely to take a risk or engage impulsively. Categories such as instant messaging apps and global internet portals remain significant phishing targets, reflecting their role as communication and access hubs that can be exploited for credential harvesting.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/fLbcPrGRykN5pJi0AFMH\" data-type=\"interactive\" data-title=\"01 EN Financial report graphics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06184540\/financial-threat-report-20251.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Regional patterns further reinforce the adaptive nature of phishing campaigns, showing that attackers closely align category targeting with local digital habits. For example, online stores dominate heavily in the Middle East.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/08nKBwS1MChjUTm1wkBl\" data-type=\"interactive\" data-title=\"02 EN Financial report graphics - Middle East\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices in the Middle East, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06184751\/financial-threat-report-20252.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Online games and instant messaging platforms feature more prominently in the CIS, suggesting a focus on younger or highly connected user bases.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/FvZQYwrlWZ2biUtVt4IO\" data-type=\"interactive\" data-title=\"02 EN Financial report graphics - CIS\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices in the CIS, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06185706\/financial-threat-report-20253.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>APAC demonstrates almost equal shares of online games and banks which signifies a combined approach targeting different users.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/4daRC3xF5HyPIqxDwK7x\" data-type=\"interactive\" data-title=\"02 EN Financial report graphics - APAC\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices in APAC, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06185844\/financial-threat-report-20254.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>In Africa, a stronger emphasis on banks reflects the continued importance of traditional financial services. Most likely, this is due to the lower security level of the financial institutions in the region.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/mBwDUmfrzRDdYpxIT1oJ\" data-type=\"interactive\" data-title=\"02 EN Financial report graphics - Africa\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices in Africa, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190018\/financial-threat-report-20255.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Whereas in LATAM, delivery companies appearing in the top categories indicate attackers exploiting the growth of e-commerce logistics.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/9fxvmbJ5n95rC1FtEWSA\" data-type=\"interactive\" data-title=\"02 EN Financial report graphics - LATAM\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices in Latin America, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190217\/financial-threat-report-20256.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Europe presents a more balanced distribution across categories, pointing to diversified attack strategies.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/ZWtGsopgOJzRKLwfPxAx\" data-type=\"interactive\" data-title=\"02 EN Financial report graphics - Europe\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 categories of organizations mimicked by phishing and scam pages that were blocked on home users\u2019 devices in Europe, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190340\/financial-threat-report-20257.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Attackers actively localize their tactics to maximize relevance and effectiveness.<\/p>\n<p>The distribution of financial phishing pages by category in 2025 reveals strong regional asymmetries that reflect both user behavior and attacker prioritization.<\/p>\n<p>Globally, online stores dominated (48.45%), followed by banks (26.05%) and payment systems (25.50%). The decline in bank phishing may suggest that these services are becoming increasingly difficult to successfully impersonate, so fraudsters are turning to easier ways to access users\u2019 finances.<\/p>\n<p>However, this balance shifts significantly at the regional level.<\/p>\n<p>In the Middle East, phishing is overwhelmingly concentrated on e-commerce (85.8%), indicating a heavy reliance on online retail lures, whereas in Africa, bank-related phishing leads (53.75%), which may indicate that user account security there is still insufficient. LATAM shows a more balanced distribution but with a higher share of online store targeting (46.30%), while APAC and Europe display a more even spread across all three categories, pointing to diversified attack strategies. These variations suggest that attackers are not operating uniformly but are instead adapting campaigns to regional digital habits, payment ecosystems, and trust patterns \u2013 maximizing effectiveness by aligning phishing content with the most commonly used financial services in each market.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/GqeajcroxccnKGaVJPPa\" data-type=\"interactive\" data-title=\"03 EN Financial report graphics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Distribution of financial phishing pages by category and region, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190640\/financial-threat-report-20258.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"online-shopping-scams\">Online shopping scams<\/h3>\n<p>The distribution of organizations mimicked by phishing and scam pages in 2025 highlights a clear shift toward globally recognized digital service and e-commerce brands, with attackers prioritizing platforms that have large, active user bases and frequent payment interactions.<\/p>\n<p><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-scaled.png\" class=\"magnificImage\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-full wp-image-119314\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-scaled.png\" alt=\"\" width=\"2560\" height=\"1046\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-scaled.png 2560w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-300x123.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-1024x418.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-768x314.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-1536x628.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-2048x837.png 2048w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-857x350.png 857w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-740x302.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-685x280.png 685w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190800\/financial-threat-report-20259-800x327.png 800w\" sizes=\"(max-width: 2560px) 100vw, 2560px\"><\/a><\/p>\n<p>Netflix (28.42%) solidified its ranking as the most impersonated brand, followed by Apple (20.55%), Spotify (18.09%), and Amazon (17.85%). This reflects a move away from traditional retail-only targets toward subscription-based and ecosystem-driven services.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/6DSjGTGgJatfwwpT06fs\" data-type=\"interactive\" data-title=\"04 EN Financial report graphics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 online shopping brands mimicked by phishing and scam pages, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06190930\/financial-threat-report-202510.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Regionally, this trend varies: Netflix dominates heavily in the Middle East, Apple leads in APAC, while Spotify ranks first across Europe, LATAM, and Africa. Although most of the top platforms are highly popular across different regions, we may suggest that the attackers tailor brand impersonation to regional popularity and user engagement.<\/p>\n<h3 id=\"payment-system-phishing\">Payment system phishing<\/h3>\n<p>Phishing campaigns are impersonating multiple payment ecosystems to maximize coverage. While PayPal was the most mimicked in 2024 with 37.53%, its share dropped to 14.10% in 2025. Mastercard, on the contrary, attracted cybercriminals\u2019 attention, its share increasing from 30.54% to 33.45%, while Visa accounted for a significant 20.06% (last year, it wasn\u2019t in the TOP 5), reinforcing the growing focus on widely used banking card networks. The continued presence of American Express (3.87%) and the increasing number of pages mimicking PayPay (11.72%) further highlight attacker experimentation and regional adaptation.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/BpX2YlkLUZkrcEKi3CLN\" data-type=\"interactive\" data-title=\"05 EN Financial report graphics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 5 payment systems mimicked by phishing and scam pages, 2025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191138\/financial-threat-report-202511.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h2 id=\"financial-malware\">Financial malware<\/h2>\n<p>In 2025, the decline in users affected by financial PC malware continued. On the one hand, people continue to rely on mobile devices to manage their finances. On the other hand, some of the most prominent malware families that were initially designed as bankers had not used this functionality for years, so we excluded them from these statistics.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/CnknWg6KI86lcwX9n6sI\" data-type=\"interactive\" data-title=\"06 EN Financial report graphics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Changes in the number of unique users attacked by banking malware, by month, 2023\u20132025 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191325\/financial-threat-report-202512.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>Windows systems remained the primary platform targeted by attackers with financial malware. According to <a href=\"https:\/\/lp.kaspersky.com\/global\/ksb2025-finance\/\" target=\"_blank\" rel=\"noopener\">Kaspersky Security Bulletin<\/a>, overall detections included 1,338,357 banking Trojan attacks globally from November 2024 to October 2025, though this number is also declining due to increasing focus on mobile vectors. Desktop threats continued to be distributed via traditional delivery methods like malicious emails, compromised websites, and droppers.<\/p>\n<p>In 2025, Brazilian-origin families such as <a href=\"https:\/\/securelist.com\/tag\/grandoreiro\/\" target=\"_blank\" rel=\"noopener\">Grandoreiro<\/a> (part of the Tetrade group) stood out for their constant activity and global reach. Despite a major law enforcement disruption in early 2024, Grandoreiro <a href=\"http:\/\/securityweek.com\/fresh-grandoreiro-banking-trojan-campaigns-target-latin-america-europe\/\" target=\"_blank\" rel=\"noopener\">remained active<\/a> in 2025, re-emerging with updated variants and continuing to operate. Other notable actors included Coyote and emerging families like <a href=\"https:\/\/securelist.com\/maverick-banker-distributing-via-whatsapp\/117715\/\" target=\"_blank\" rel=\"noopener\">Maverick<\/a>, which abused WhatsApp for distribution while maintaining fileless techniques and overlaps with established Brazilian banking malware to steal credentials and enable fraudulent transactions on desktop banking platforms. Besides traditional bankers, other Brazilian malware families are worth mentioning, which specifically target relatively new and highly popular regional payment systems. One of the most prominent threats among these is <a href=\"https:\/\/securelist.com\/gopix-banking-trojan\/119173\/\" target=\"_blank\" rel=\"noopener\">GoPix<\/a> Trojan focusing on the users of Brazilian <a href=\"https:\/\/en.wikipedia.org\/wiki\/Pix_(payment_system)\" target=\"_blank\" rel=\"noopener\">Pix payment system<\/a>. It is also capable of targeting local <a href=\"https:\/\/en.wikipedia.org\/wiki\/Boleto\" target=\"_blank\" rel=\"noopener\">Boleto<\/a> payment method, as well as stealing cryptocurrency.<\/p>\n<p>There was also a surge in incidents in 2025 in which fraudsters targeted organizations through electronic document management (EDM) systems, for example, by substituting invoice details to trick victims into transferring funds. The Pure Trojan was most frequently encountered in such attacks. Attackers typically distribute it through targeted emails, using abbreviations of document names, software titles, or other accounting-related keywords in the headers of attached files. Globally in the corporate segment, Pure was detected 896 633 times over 2025, with over 64 thousand users attacked.<\/p>\n<p>Contrary to PC banking malware, mobile banker attacks grew by 1.5 times in 2025 compared to the previous reporting period, which is consistent with their growth in 2024. They also saw a sharp surge in the number of unique installation packages. More statistics and trends on mobile banking malware can be found in our yearly <a href=\"https:\/\/securelist.com\/mobile-threat-report-2025\/119076\/#mobile-banking-trojans\" target=\"_blank\" rel=\"noopener\">mobile threat report<\/a>.<\/p>\n<p>Complementing traditional financial malware, infostealers played a significant role in enabling financial crime both on PCs and mobile devices by harvesting credentials, cookies, and autofill data from browsers and applications, which attackers then used for account takeovers or direct banking fraud. Kaspersky analyses <a href=\"https:\/\/lp.kaspersky.com\/global\/ksb2025-number-of-the-year\/\" target=\"_blank\" rel=\"noopener\">pointed<\/a> to a surge in infostealer detections (up by 59% globally on PCs), fueling credential-based attacks.<\/p>\n<h2 id=\"financial-cyberthreats-on-the-dark-web\">Financial cyberthreats on the dark web<\/h2>\n<p>The Kaspersky Digital Footprint Intelligence (DFI) team closely monitors infostealer activity on both PC and mobile devices to analyze emerging trends and assess the evolving tactics of cybercriminals.<\/p>\n<p>Fraudsters especially target financial data such as payment cards, cryptocurrency wallets, login credentials and cookies for banking services, as well as documents stored on the victim\u2019s device. The stolen data is collected in log files and <a href=\"https:\/\/securelist.com\/what-happens-to-stolen-data-after-phishing-attacks\/118180\/#selling-data-on-dark-web-markets\">shared on <\/a><a href=\"https:\/\/securelist.com\/what-happens-to-stolen-data-after-phishing-attacks\/118180\/#selling-data-on-dark-web-markets\" target=\"_blank\" rel=\"noopener\">dark web resources<\/a>, where they are bought, sold, or distributed freely and then used for financial fraud.<\/p>\n<p>With access to financial data, fraudsters can gain control of users\u2019 bank accounts and payment cards, and withdraw funds. Compromised accounts and cards are also frequently used in subsequent activities, turning the victims into intermediaries in a fraud scheme.<\/p>\n<h3 id=\"compromised-accounts\">Compromised accounts<\/h3>\n<p>Kaspersky DFI found that in 2025,\u202fover one million online banking accounts (these are not Kaspersky product users) served by the <a href=\"https:\/\/www.spglobal.com\/market-intelligence\/en\/news-insights\/articles\/2025\/4\/the-worlds-largest-banks-by-assets-2025-88424232\" target=\"_blank\" rel=\"noopener\">world\u2019s 100 largest banks<\/a> fell victim to infostealers: their credentials were being freely shared on the dark web.<\/p>\n<p>The countries with the highest median number of compromised accounts per bank were India, Spain, and Brazil.<\/p>\n<p>The chart below shows the median number of compromised accounts per bank for the TOP 10 countries.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/GAyNx4ypyeykaUQxQyXG\" data-type=\"interactive\" data-title=\"07 EN Financial report graphics\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>TOP 10 countries with the highest compromised account median (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191641\/financial-threat-report-202513.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h3 id=\"compromised-payment-cards\">Compromised payment cards<\/h3>\n<p>Seventy-four percent of payment cards that were compromised by infostealer malware, published on dark web resources and identified by the Digital Footprint Intelligence team in\u202f2025, remained valid as of March\u202f2026. This means that attackers could still use the cards that had been stolen months or even years prior.<\/p>\n<p>It should be noted that the number of bank accounts and payment cards known to have been compromised by infostealers in\u202f2025 will continue to rise, because fraudsters do not publish the log files immediately after the compromise but only after a delay of months or even years.<\/p>\n<h3 id=\"data-breaches\">Data breaches<\/h3>\n<p>Regardless of the industry in which the target company operates, data breaches often expose users\u2019 financial data, including payment card information, bank account details, transaction histories and other financial information. As a consequence, the compromised databases are sold and distributed on underground resources.<\/p>\n<p>It should be noted that the threat is not limited to the exposure of financial information alone. Various identity documents and even seemingly public data, such as names, phone numbers and email addresses, can become a risk when they are published on the dark web. Such data attracts fraudsters\u2019 attention and can be used in social engineering attacks to gain access to the user\u2019s financial assets.<\/p>\n<div id=\"attachment_119319\" style=\"width: 1755px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119319\" class=\"size-full wp-image-119319\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514.png\" alt=\"An example of a post offering a database\" width=\"1745\" height=\"984\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514.png 1745w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-300x169.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-1024x577.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-768x433.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-1536x866.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-800x451.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-621x350.png 621w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-740x417.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191749\/financial-threat-report-202514-497x280.png 497w\" sizes=\"auto, (max-width: 1745px) 100vw, 1745px\"><\/a><\/p>\n<p id=\"caption-attachment-119319\" class=\"wp-caption-text\">An example of a post offering a database<\/p>\n<\/div>\n<h3 id=\"sale-of-bank-accounts-and-payment-cards\">Sale of bank accounts and payment cards<\/h3>\n<p>The dark web often features services provided by stores that specialize in selling bank accounts and payment cards. Fraudsters typically obtain data for sale from a variety of sources, including infostealer logs and leaked databases, which are first repackaged and then combined.<\/p>\n<div id=\"attachment_119320\" style=\"width: 2570px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-scaled.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119320\" class=\"size-full wp-image-119320\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-scaled.png\" alt=\"Examples of a post (top) and a site (bottom) offering payment cards\" width=\"2560\" height=\"2366\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-scaled.png 2560w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-300x277.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-1024x947.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-768x710.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-1536x1420.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-2048x1893.png 2048w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-379x350.png 379w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-740x684.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-303x280.png 303w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191857\/financial-threat-report-202515-800x739.png 800w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\"><\/a><\/p>\n<p id=\"caption-attachment-119320\" class=\"wp-caption-text\">Examples of a post (top) and a site (bottom) offering payment cards<\/p>\n<\/div>\n<p>Often, sellers offer complete victim profiles, referred to by fraudsters as \u201cfullz\u201d. These include not only bank accounts or payment cards but also identification documents, dates of birth, residential addresses, and other personal details. A full\u2011information package is usually more expensive than a payment card or a bank account alone.<\/p>\n<div id=\"attachment_119321\" style=\"width: 2570px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-scaled.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119321\" class=\"size-full wp-image-119321\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-scaled.png\" alt=\"Examples of a post (top) and a site (bottom) offering bank accounts\" width=\"2560\" height=\"2407\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-scaled.png 2560w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-300x282.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-1024x963.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-768x722.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-1536x1444.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-2048x1926.png 2048w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-372x350.png 372w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-740x696.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-298x280.png 298w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06191952\/financial-threat-report-202516-800x752.png 800w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\"><\/a><\/p>\n<p id=\"caption-attachment-119321\" class=\"wp-caption-text\">Examples of a post (top) and a site (bottom) offering bank accounts<\/p>\n<\/div>\n<h3 id=\"compiled-databases\">Compiled databases<\/h3>\n<p>Fraudsters exploit various sources, including previously leaked databases, to compile new, thematic ones. Finance- and, in particular, cryptocurrency-related databases, are among the most popular. Compilations aimed at specific user groups, such as the elderly or wealthy people, are also of interest to cybercriminals.<\/p>\n<p>Usually, thematic databases contain personal information about users, such as names, phone numbers, and email addresses. Fraudsters can use this data to launch social engineering attacks.<\/p>\n<div id=\"attachment_119322\" style=\"width: 798px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119322\" class=\"size-full wp-image-119322\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517.png\" alt=\"An example of a message offering compiled databases\" width=\"788\" height=\"743\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517.png 788w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517-300x283.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517-768x724.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517-371x350.png 371w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517-740x698.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192041\/financial-threat-report-202517-297x280.png 297w\" sizes=\"auto, (max-width: 788px) 100vw, 788px\"><\/a><\/p>\n<p id=\"caption-attachment-119322\" class=\"wp-caption-text\">An example of a message offering compiled databases<\/p>\n<\/div>\n<h3 id=\"creation-of-phishing-websites\">Creation of phishing websites<\/h3>\n<p>Phishing websites have become a powerful tool for the financial enrichment of fraudsters. Cybercriminals create fraudulent sites that masquerade as legitimate resources of companies operating in various industries. Gambling and retail sites remain among the most popular targets.<\/p>\n<p>In order to obtain personal and financial information from unsuspecting users, adversaries seek out ways to create such phishing websites. Ready-made layouts and website copies are sold on the dark web and advertised as profitable tools. Moreover, fraudsters offer phishing website creation services.<\/p>\n<div id=\"attachment_119323\" style=\"width: 1928px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-scaled.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119323\" class=\"size-full wp-image-119323\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-scaled.png\" alt=\"Examples of posts offering creation of phishing websites\" width=\"1918\" height=\"2560\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-scaled.png 1918w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-225x300.png 225w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-767x1024.png 767w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-768x1025.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-1151x1536.png 1151w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-1534x2048.png 1534w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-262x350.png 262w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-740x988.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-210x280.png 210w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/04\/06192143\/financial-threat-report-202518-674x900.png 674w\" sizes=\"auto, (max-width: 1918px) 100vw, 1918px\"><\/a><\/p>\n<p id=\"caption-attachment-119323\" class=\"wp-caption-text\">Examples of posts offering creation of phishing websites<\/p>\n<\/div>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>The decline of traditional PC banking malware is not an indicator of reduced risk; rather, it highlights a redistribution of attacker effort toward more efficient methods targeting mobile devices, credential theft, and social engineering. Infostealers, in particular, are a force multiplier, enabling widespread compromise at scale.<\/p>\n<p>Looking ahead to 2026, the financial threat landscape is expected to become even more data-driven and automated. Organizations must adapt by focusing on identity protection, real-time monitoring, and cross-channel threat intelligence, while users must remain vigilant against increasingly sophisticated and personalized attack techniques.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than developing entirely new malware capabilities. To describe the financial threat landscape in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[227,975,980,90,225,228,979,237,240,981,505,978,982,664,226,976,94,631,89,555,222,235,977,637,257],"tags":[91],"class_list":["post-2354","post","type-post","status-publish","format-standard","hentry","category-credentials-theft","category-credit-cards","category-crimeware","category-cybersecurity","category-darknet","category-data-theft","category-digital-forensics","category-financial-malware","category-financial-threats","category-grandoreiro","category-infostealers","category-mastercard","category-maverick","category-mobile-malware","category-money-theft","category-paypal","category-phishing","category-phishing-websites","category-publications","category-scam","category-spam-and-phishing","category-trojan-banker","category-visa","category-web-threats","category-windows-malware","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Financial cyberthreats in 2025 and the outlook for 2026 - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Financial cyberthreats in 2025 and the outlook for 2026 - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than developing entirely new malware capabilities. To describe the financial threat landscape in [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-08T09:05:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Financial cyberthreats in 2025 and the outlook for 2026\",\"datePublished\":\"2026-04-08T09:05:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\"},\"wordCount\":2352,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Credentials theft\",\"Credit Cards\",\"crimeware\",\"Cybersecurity\",\"Darknet\",\"Data theft\",\"Digital forensics\",\"Financial malware\",\"Financial threats\",\"Grandoreiro\",\"Infostealers\",\"Mastercard\",\"Maverick\",\"Mobile Malware\",\"Money theft\",\"Paypal\",\"Phishing\",\"Phishing websites\",\"Publications\",\"Scam\",\"Spam and phishing\",\"Trojan Banker\",\"VISA\",\"Web threats\",\"Windows malware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\",\"name\":\"Financial cyberthreats in 2025 and the outlook for 2026 - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg\",\"datePublished\":\"2026-04-08T09:05:10+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage\",\"url\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg\",\"contentUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Financial cyberthreats in 2025 and the outlook for 2026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Financial cyberthreats in 2025 and the outlook for 2026 - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/","og_locale":"en_US","og_type":"article","og_title":"Financial cyberthreats in 2025 and the outlook for 2026 - Imperative Business Ventures Limited","og_description":"In 2025, the financial cyberthreat landscape continued to evolve. While traditional PC banking malware declined in relative prevalence, this shift was offset by the rapid growth of credential theft by infostealers. Attackers increasingly relied on aggregation and reuse of stolen data, rather than developing entirely new malware capabilities. To describe the financial threat landscape in [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-04-08T09:05:10+00:00","og_image":[{"url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Financial cyberthreats in 2025 and the outlook for 2026","datePublished":"2026-04-08T09:05:10+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/"},"wordCount":2352,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg","keywords":["Cybersecurity"],"articleSection":["Credentials theft","Credit Cards","crimeware","Cybersecurity","Darknet","Data theft","Digital forensics","Financial malware","Financial threats","Grandoreiro","Infostealers","Mastercard","Maverick","Mobile Malware","Money theft","Paypal","Phishing","Phishing websites","Publications","Scam","Spam and phishing","Trojan Banker","VISA","Web threats","Windows malware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/","name":"Financial cyberthreats in 2025 and the outlook for 2026 - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg","datePublished":"2026-04-08T09:05:10+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#primaryimage","url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg","contentUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/03\/27134732\/financial-report-2025-featured-image-990x400.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/04\/08\/financial-cyberthreats-in-2025-and-the-outlook-for-2026\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Financial cyberthreats in 2025 and the outlook for 2026"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=2354"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2354\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=2354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=2354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=2354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}