Kaspersky Report Reveals 1 Million Banking Accounts Compromised as E-Commerce Scams Surge to 85% of Financial Phishing in the Middle East

In a significant shift in the landscape of financial cybercrime, over one million online banking accounts were compromised last year due to the rise of infostealers. This alarming trend highlights a broader movement away from traditional PC banking malware towards more sophisticated methods of credential theft and data reuse. As attackers increasingly leverage social engineering tactics and dark web marketplaces, the prevalence of mobile financial malware continues to escalate.

The Evolving Threat Landscape

The latest findings from Kaspersky reveal that traditional financial phishing remains a persistent threat. In 2025, phishing pages mimicking e-commerce sites accounted for 48.5% of all financial phishing incidents, marking a 10.3% increase from the previous year. Conversely, phishing attempts targeting banks saw a decline to 26.1%, a drop of 16.5%, while payment systems experienced a slight increase to 25.5%, up by 6.2%.

This decline in bank-related phishing may indicate that these services are becoming harder to impersonate successfully. As a result, cybercriminals are shifting their focus to more accessible targets, particularly in regions where user account security is still lacking.

Regional Variations in Phishing Tactics

Attackers are tailoring their campaigns to align with regional digital behaviors. In the Middle East, a staggering 85.8% of financial phishing incidents are concentrated on e-commerce, reflecting a heavy reliance on online retail lures. In contrast, Africa sees bank-related phishing leading at 53.75%, suggesting that user account security in this region remains inadequate. Latin America presents a more balanced distribution, with significant targeting of both e-commerce and banking sectors. Meanwhile, Asia-Pacific and Europe exhibit a more diversified approach across all three categories, indicating varied attack strategies.

The Rise of Mobile Financial Malware

As users increasingly turn to mobile devices for financial management, the decline in incidents of financial PC malware has become evident. In 2025, mobile banker attacks surged by 1.5 times compared to the previous year, underscoring the need for enhanced security measures in mobile banking applications.

Infostealers have emerged as a critical enabler of financial crime, functioning on both PCs and mobile devices. These malicious programs harvest sensitive information such as login credentials, cookies, bank card numbers, crypto wallet seed phrases, and autofill data from browsers and applications. This data is then exploited for account takeovers or direct banking fraud.

Kaspersky’s data indicates a 59% global increase in infostealer detections from 2024 to 2025, with notable surges of 53% in Africa and 26% in the Middle East. This rise in infostealer activity is fueling a wave of credential-based attacks.

The Dark Web: A Hub for Financial Cybercrime

According to Kaspersky Digital Footprint Intelligence (DFI), over one million online banking accounts belonging to the world’s 100 largest banks were compromised in 2025, with credentials being freely traded on the dark web. The countries with the highest median number of compromised accounts per bank include India, Spain, and Brazil.

A staggering 74% of payment cards compromised by infostealer malware and identified by Kaspersky’s DFI team in 2025 remained valid as of March 2026. This statistic underscores the ongoing risk posed by stolen cards, which can be exploited long after their initial theft.

The dark web has evolved into a central hub for financial cybercrime. Stolen credentials and bank cards harvested by infostealers are aggregated, repackaged, and sold, while phishing kits targeting financial product users are offered as ready-to-use services. This self-sustaining ecosystem allows fraudsters with minimal experience to execute attacks easily.

Recommendations for Enhanced Security

To combat these growing threats, Kaspersky emphasizes the importance of proactive measures for both individual users and businesses.

For Individual Users:

• Avoid clicking on links from suspicious messages and verify web pages before entering credentials or banking details.
• Utilize multifactor authentication whenever possible, create strong, unique passwords, and store them securely in a password manager.
• Install a reliable security solution to protect against fraudulent online stores and phishing websites. Kaspersky Premium, for example, employs advanced detection technology to analyze website characteristics and URLs for suspicious patterns.

For Businesses:

• Conduct a comprehensive assessment of the entire infrastructure to identify and rectify vulnerabilities. Engaging external specialists can provide fresh perspectives on concealed risks.
• Implement integrated platforms to monitor and control all attack vectors, ensuring rapid detection and response across the organization. Solutions from Kaspersky Next offer real-time protection, threat visibility, and scalable capabilities for organizations of any size.
• Continuously monitor dark web resources to enhance coverage of potential threats and track the plans and activities of threat actors. Kaspersky’s Digital Footprint Intelligence service provides this essential monitoring capability.

The evolving landscape of financial cybercrime necessitates heightened awareness and proactive measures from both individuals and organizations. As cybercriminals continue to adapt their tactics, the importance of robust cybersecurity practices cannot be overstated.

Source: www.newsofbahrain.com

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.