Kaspersky has reported a marked rise in malicious activity across its detection systems in 2025, with an average of 500,000 malicious files identified every day. The figure represents a 7% increase from the previous year and reflects broader growth across several threat categories. Password stealers rose by 59%, spyware detections increased by 51% and backdoor detections climbed by 6% compared with 2024.
The findings were published as part of the annual Kaspersky Security Bulletin, which tracks shifting cyberthreat patterns and highlights the techniques increasingly used by attackers to compromise users and organisations. The company noted that Windows continued to be the most targeted operating system. Across the year, 48% of Windows users encountered at least one form of threat, while the share among MacOS users stood at 29%.
Web and on-device threats continue to evolve
Kaspersky’s telemetry also pointed to steady global exposure to both web-based and on-device threats. Web threats, which involve malware delivered or activated through internet activity, affected 27% of users worldwide. The highest shares of affected users were recorded in the CIS region at 34%, followed by Latin America at 26%, Africa at 25%, and Asia-Pacific at 23%. Europe and the Middle East registered lower but still notable levels at 21% and 19% respectively.
On-device threats followed a similar pattern, reaching 33% of users globally. These threats typically spread through removable storage, bundled installers or encrypted files. Africa recorded the highest exposure at 41%, with CIS at 39%. Asia-Pacific and the global average stood at 33%, while the Middle East reached 32%. Latin America reported 30%, and Europe saw the lowest share at 20%.
Regional shifts in threat patterns
The year saw marked differences in threat growth across regions. Latin America experienced a 24% rise in backdoors, a 35% rise in password stealers and a 64% increase in spyware. The Middle East saw password stealers climb by 26% and spyware by 37%.
Europe reported comparatively modest growth in on-device threats at 1%, yet still recorded steep increases in backdoors at 50%, exploits at 5%, password stealers at 48% and spyware at 64%. Asia-Pacific showed some of the most significant jumps, including a 132% rise in password stealers and a 32% rise in spyware. Africa recorded increases of 2% in backdoors, 43% in password stealers and 53% in spyware. In CIS countries, on-device threats grew by 19%, backdoors by 25%, exploits by 10%, password stealers by 67% and spyware by 68%.
Growing sophistication of cyberattacks
Alexander Liskin, Head of Threat Research at Kaspersky, said the threat landscape in 2025 was shaped by more advanced and persistent techniques targeting both individuals and organisations. “The current cyberthreat landscape is defined by increasingly sophisticated attacks on organisations and individuals around the world. One of the most significant revelations made by Kaspersky this year was the resurgence of the Hacking Team after its 2019 rebranding, with its commercial spyware Dante used in the ForumTroll APT campaign, incorporating zero-day exploits in Chrome and Firefox browsers,” he said.
He added that vulnerabilities remained a preferred entry point for attackers, followed by the use of stolen credentials. “Supply chain attacks are also common, including attacks on open-source software. This year the number of such attacks increased significantly, and we even saw the first widespread NPM worm Shai-Hulud.”
Liskin stressed the importance of robust security measures for all users. He warned that inadequate preparation could leave organisations facing prolonged downtime after an attack, while individuals risked the loss of personal data, funds and potential exposure within their workplaces.
