<p>Mumbai: Password stealer malware is rapidly emerging as one of the most effective tools in the cybercriminal arsenal, with Indian businesses witnessing a sharp rise in attacks aimed at harvesting employee credentials and gaining unauthorised access to corporate networks.</p><p>According to cybersecurity firm Kaspersky, password stealer attacks targeting its business users in India increased by 20 per cent in 2025, highlighting a growing shift among attackers towards stealthier methods of infiltration that often evade traditional security alarms.</p>.Rise in spyware attacks poses growing risk to businesses: Kaspersky .<p>Kaspersky's business security solutions detected and blocked 225,223 password-stealing attacks across corporate networks in India during 2025, up from 188,470 incidents recorded in 2024, a press statement said, </p><p>The increase reflects a broader trend in global cybersecurity, where attackers are increasingly prioritising identity and credential theft over direct system compromise. Stolen passwords often provide a low-cost, low-risk pathway into corporate environments, enabling cybercriminals to bypass security controls, move laterally across networks and launch ransomware, financial fraud or data theft operations.</p><p>Password stealers are designed to secretly extract login credentials, browser-stored passwords, session cookies, authentication tokens and cryptocurrency wallet information from infected devices. Once obtained, these credentials can be sold on underground marketplaces or used directly to access corporate systems and online accounts.</p><p>"Password stealer attacks do not discriminate. Whether you are a large enterprise with hundreds of employees or a growing start-up, stolen credentials open the same doors for attackers. The 20 per cent surge we are seeing in India is a warning signal that no organisation is too big or too small to be targeted," said Jaydeep Singh, General Manager for India at Kaspersky.</p><p>"Businesses of every size need to treat credential security as a boardroom priority, not an IT afterthought," he added.</p><p>The findings come at a time when India's rapid digitalisation is expanding the cyber threat landscape. As organisations increasingly rely on cloud services, remote work environments, digital payments and interconnected business applications, identity has become the new security perimeter.=</p><p>Cybersecurity experts note that compromised credentials remain one of the leading causes of data breaches globally. In many cases, attackers gain access without exploiting sophisticated software vulnerabilities, relying instead on weak passwords, credential reuse, phishing attacks and stolen authentication tokens.</p><p>Kaspersky said businesses must strengthen credential security through dedicated password management systems, multi-factor authentication (MFA), routine access reviews and stricter privilege management policies.</p><p>"Organisations must act decisively by eliminating weak credential risks through dedicated password management solutions that create and protect truly randomised login details. Complementing this with robust access controls, including multi-factor authentication, routine credential reviews and restricting user privileges to only what is necessary, forms a strong defensive foundation," Singh said.</p>
<p>Mumbai: Password stealer malware is rapidly emerging as one of the most effective tools in the cybercriminal arsenal, with Indian businesses witnessing a sharp rise in attacks aimed at harvesting employee credentials and gaining unauthorised access to corporate networks.</p><p>According to cybersecurity firm Kaspersky, password stealer attacks targeting its business users in India increased by 20 per cent in 2025, highlighting a growing shift among attackers towards stealthier methods of infiltration that often evade traditional security alarms.</p>.Rise in spyware attacks poses growing risk to businesses: Kaspersky .<p>Kaspersky's business security solutions detected and blocked 225,223 password-stealing attacks across corporate networks in India during 2025, up from 188,470 incidents recorded in 2024, a press statement said, </p><p>The increase reflects a broader trend in global cybersecurity, where attackers are increasingly prioritising identity and credential theft over direct system compromise. Stolen passwords often provide a low-cost, low-risk pathway into corporate environments, enabling cybercriminals to bypass security controls, move laterally across networks and launch ransomware, financial fraud or data theft operations.</p><p>Password stealers are designed to secretly extract login credentials, browser-stored passwords, session cookies, authentication tokens and cryptocurrency wallet information from infected devices. Once obtained, these credentials can be sold on underground marketplaces or used directly to access corporate systems and online accounts.</p><p>"Password stealer attacks do not discriminate. Whether you are a large enterprise with hundreds of employees or a growing start-up, stolen credentials open the same doors for attackers. The 20 per cent surge we are seeing in India is a warning signal that no organisation is too big or too small to be targeted," said Jaydeep Singh, General Manager for India at Kaspersky.</p><p>"Businesses of every size need to treat credential security as a boardroom priority, not an IT afterthought," he added.</p><p>The findings come at a time when India's rapid digitalisation is expanding the cyber threat landscape. As organisations increasingly rely on cloud services, remote work environments, digital payments and interconnected business applications, identity has become the new security perimeter.=</p><p>Cybersecurity experts note that compromised credentials remain one of the leading causes of data breaches globally. In many cases, attackers gain access without exploiting sophisticated software vulnerabilities, relying instead on weak passwords, credential reuse, phishing attacks and stolen authentication tokens.</p><p>Kaspersky said businesses must strengthen credential security through dedicated password management systems, multi-factor authentication (MFA), routine access reviews and stricter privilege management policies.</p><p>"Organisations must act decisively by eliminating weak credential risks through dedicated password management solutions that create and protect truly randomised login details. Complementing this with robust access controls, including multi-factor authentication, routine credential reviews and restricting user privileges to only what is necessary, forms a strong defensive foundation," Singh said.</p>