Kaspersky Warns of 20% Surge in Password-Stealer Attacks on Indian Businesses

Password-stealer malware is emerging as one of the most serious credential theft risks facing Indian enterprises, according to Kaspersky. The company says attacks targeting its business users in India rose 20% year on year in 2025, with detections increasing from 188,470 in 2024 to 225,223 in 2025.

The trend matters because password stealers do not rely on noisy disruption; they quietly extract stored passwords, browser data, cookies, tokens, and other sensitive credentials before attackers use them to access corporate systems. Kaspersky says this makes stolen credentials a powerful entry point for financial theft, identity theft, extortion, and follow-on attacks across enterprise networks.

Credential Theft Becomes the Entry Point

What makes this threat particularly dangerous is how ordinary it can look from the outside. Password stealers often work in the background by harvesting secrets from browsers and other local utilities, which means they can bypass traditional perimeter-style security controls if organisations are not watching for unusual authentication activity.

Kaspersky’s India general manager, Jaydeep Singh, said the surge is a warning that businesses of every size need to treat credential security as a boardroom issue rather than an IT afterthought. The message is less about one malware family and more about a broader shift in attacker behaviour toward stealthier access methods that are harder to detect early.

Why Indian Firms Are Exposed

The rise in attacks suggests that Indian businesses remain attractive targets because credentials can unlock a wide range of systems once they are stolen. Smaller organisations are not immune, but larger enterprises are especially exposed because a single compromised account can create a foothold into multiple internal tools, cloud services, and partner systems.

This also reflects a broader pattern in cybercrime: attackers increasingly prefer low-friction methods that can be scaled across many victims. Instead of forcing their way in with loud malware, they are choosing tools that quietly collect reusable access data and sell or exploit it later.

Stronger Defences Needed

The practical response begins with stronger credential hygiene, including unique passwords, password managers, and multifactor authentication. Kaspersky also recommends tighter access controls, regular credential reviews, and restricting privileges so that a stolen account does not automatically expose the rest of the environment.

The larger lesson is that credential security is now a core resilience issue for Indian enterprises. As password stealers become more common, companies need layered controls that combine user discipline, endpoint visibility, and faster incident response around compromised identities.
