Kaspersky reports detecting half a million malicious files daily in 2025

Kaspersky’s detection systems discovered an average of 500,000 malicious files per day in 2025, marking a 7% increase compared to the previous year. Certain types of threats saw growth globally – there was a 59% surge in password stealer detections, a 51% growth in spyware detections and a 6% growth in backdoor detections compared to 2024.

These findings are part of the Kaspersky Security Bulletin series where we review the key cybersecurity trends of the past year.

Windows remains the primary target for cyberattacks. 48% of users on Windows were targeted by different types of threats throughout 2025. For Mac users, this figure stands at 29%.

Globally, 27% of users were attacked with web threats – these refer to malware that targets users when they are online. Web threats are not limited to online activity, but ultimately involve the internet at some stage for inflicted harm. In Latin America, 26% of users were attacked by web threats in 2025, while this share reached 25% in Africa, 21% in Europe and 19% in the Middle East.

33% of users were attacked with on-device threats. These include malware that is spread via removable USB drives, CDs and DVDs, or that initially makes its way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.). Africa headed the rating with 41% of users attacked with this type of threat; APAC reached 33%, Middle East – 32%, Latin America – 30%, and Europe 20%.

“The current cyberthreat landscape is defined by increasingly sophisticated multi-platform attacks, among other factors. One of the most significant revelations made by Kaspersky this year was the resurgence of the Hacking Team after its 2019 rebranding, with its commercial spyware Dante used in the ForumTroll APT campaign, which incorporated zero-day exploits in Chrome and Firefox browsers. This ties into broader trends where the number of registered vulnerabilities has been constantly increasing year-on-year. Protective solutions are indispensable, including detection and response tools, flexible patch management, continuous infrastructure monitoring, and comprehensive vulnerability analysis to neutralize threats. Equally crucial are user and employee training programs to boost cybersecurity awareness, simulate incident responses, and foster a culture of vigilance against phishing and social engineering. Without these layered approaches, the escalating threat ecosystem risks turning isolated incidents into widespread operational catastrophes,” comments Vladimir Kuskov, Head of Anti-Malware Research at Kaspersky.

Follow this link to learn more about other KSB reports.
To stay protected, Individual users should not download and install applications from untrusted sources. Do not click on any links from unknown sources or suspicious online advertisements and always use two-factor authentication when available. Always install updates when they become available; they contain fixes for critical security issues

Use a robust security solution appropriate to your system type and devices, such as Kaspersky Premium

Kaspersky recommends that organizations should always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities. Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them. Use advanced Kaspersky Next security products for comprehensive visibility across all company’s corporate infrastructure to rapidly hunt out, prioritize, investigate and neutralize complex threats and APT-like attacks. Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.

All statistics in this report come from Kaspersky Security Network (KSN). For 2025, the statistics cover the period from November 2024 through October 2025.