CISO news
Zimperium identifies 2,400+ malware variants targeting logins and MFA
Zimperium, a leader in mobile security, has issued a warning to organisations globally that mobile-based credential theft is accelerating.
Zimperium’s global telemetry revealed more than 2,400 variants of mobile malware specifically engineered to steal login credentials and intercept multi-factor authentication (MFA) codes. The attacks are powered by mishing (mobile-focused phishing) campaigns and sideloaded apps that silently harvest access keys from the very devices employees rely on every day.
“Massive breaches are no longer starting on desktops, they’re starting in your pocket,” said Nicolás Chiaraviglio, Chief Scientist at Zimperium. “What we saw last year is only the beginning. Organisations must take mobile security seriously to stop credential-stealing malware before it compromises enterprise resources.”
Key trends from the past year
• Credential theft was tied to 16% of cyberattacks in 2024, up from 10% in 2023
• Attacks spread through mishing campaigns and sideloaded apps, often disguised as legitimate tools
• Major hotspots include Southeast Asia, but detections are global in scope
• Targeted industries: finance, retail and software, where stolen credentials have immediate value
Families like TriaStealer, TrickMo, AppLite, Triada, and SMS Stealer show how attackers exploit mobile devices – intercepting one-time passwords, hijacking messaging apps, and exfiltrating sensitive data without detection.
Chiaraviglio added, “Enterprises can no longer treat mobile as secondary in their security strategies. If your mobile defenses aren’t proactive and real-time, you’re leaving the keys to your business exposed.”
Ransomware payouts hit new high in Q2 2025, driven by social engineering and data theft, says Veeam
A new report from Coveware by Veeam reveals a dramatic escalation in targeted attacks, with hackers increasingly using social engineering and data exfiltration to extort record-high ransom payments.
According to Bill Siegel, CEO of Coveware by Veeam, the landscape has fundamentally changed. “The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook,” he said.
Key findings from the Q2 2025 report:
• Social engineering: Three major ransomware groups dominated the quarter – Scattered Spider, Silent Ransom, and Shiny Hunters – each using highly targeted social engineering to breach organisations across various sectors.
• Ransom payments soar: Both the average and median ransom payments have rocketed to $1.13 million (up 104% from Q1 2025) and $400,000 (up 100%), respectively.
• Data theft: Data exfiltration was a factor in 74% of all cases, with many campaigns now prioritising data theft over traditional system encryption.
• Professional services: Professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) bore the brunt of attacks. Mid-sized companies (11–1,000 employees) made up 64% of victims, proving to be a sweet spot for attackers who can balance payout potential against less mature defences.
• Attack techniques evolve: Credential compromise, phishing, and the exploitation of remote services continue to be the main methods for initial access.
• New entrants: Q2’s top ransomware variants were Akira (19%), Qilin (13%), and Lone Wolf (9%). Silent Ransom and Shiny Hunters entered the top five for the first time.