In a recent cybersecurity analysis conducted by Picus Security, it was revealed that malware designed to steal credentials from password stores has seen a significant increase in activity, now accounting for 25% of all malware threats. This marks a threefold increase in this type of malicious activity, highlighting the growing importance of protecting sensitive credentials.
The findings were outlined in Picus Security’s annual report, The Red Report 2025, which examined over one million malware samples collected throughout 2024. One of the key takeaways from the report was the emergence of credential theft as a top concern, with attackers using techniques such as memory scraping, registry harvesting, and compromising password managers to steal valuable login information.
Dr. Suleyman Ozarslan, co-founder and VP of Picus Labs, noted that threat actors are continuously refining their tactics to execute what they refer to as “the perfect heist.” This involves leveraging sophisticated methods to silently obtain credentials that provide access to critical systems. To combat this threat, Dr. Ozarslan emphasized the importance of using password managers in combination with multi-factor authentication and avoiding password reuse.
Another noteworthy finding from the report was the increase in malware complexity, with the average malware sample now containing 14 malicious actions. This evolution in cyber threats allows attackers to carry out complex operations across multiple stages, posing a greater challenge to cybersecurity defenses.
Additionally, the report highlighted the surge in exfiltration and stealth tactics employed by adversaries, with 11.3 million stealth and exfiltration-related actions detected in 2024. Attackers frequently use encrypted communication channels like HTTPS and DNS-over-HTTPS to evade detection and maintain persistence within compromised environments.
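Because DNS-over-HTTPS (DoH) hides name resolution inside ordinary TLS traffic, defenders typically look for it at the proxy or egress layer rather than in DNS logs. The following is an added example, not code from the Picus report or this article: it runs a simple DoH classifier over a handful of constructed web-proxy log lines, flagging requests by three signals (a well-known public resolver hostname, the RFC 8484 `/dns-query` path, and the `application/dns-message` media type) and separating an assumed sanctioned corporate resolver from unsanctioned ones. The log format, the sample lines and the sanctioned-resolver set are assumptions.

```python
# Added example (not from the Picus report or this article): flag DNS-over-HTTPS
# usage in constructed proxy log lines so unsanctioned DoH can be investigated.
import re
from urllib.parse import urlparse

# Well-known public DoH resolver hostnames. A real deployment would maintain this
# list from threat intelligence and its own inventory of approved resolvers.
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}

# Assumed: the organisation has sanctioned exactly one DoH resolver for endpoints.
SANCTIONED_DOH_HOSTS = {"cloudflare-dns.com"}

# RFC 8484 conventions: the /dns-query path and the application/dns-message type.
DOH_PATH = "/dns-query"
DOH_MEDIA_TYPE = "application/dns-message"

# Constructed sample log lines (assumed layout):
# timestamp, source host, method, URL, response content type
SAMPLE_LOGS = [
    "2025-01-14T09:12:01Z ws-017 GET https://www.example.com/index.html text/html",
    "2025-01-14T09:12:03Z ws-017 POST https://cloudflare-dns.com/dns-query application/dns-message",
    "2025-01-14T09:12:05Z ws-042 GET https://dns.google/dns-query?dns=AAABAAABAAAAAAAA application/dns-message",
    "2025-01-14T09:12:07Z ws-042 GET https://cdn.example.net/app.js application/javascript",
    "2025-01-14T09:12:09Z ws-099 POST https://203.0.113.10/dns-query application/dns-message",
]

LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\S+)$")


def classify(line):
    """Return a finding dict if the line looks like a DoH request, else None.

    Each independent signal is recorded as a reason so an analyst can see why
    the line matched; a bare IP resolver still trips the path/media-type checks.
    """
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed line: skip rather than guess
    _ts, src, _method, url, ctype = m.groups()
    parsed = urlparse(url)
    host = parsed.hostname or ""
    reasons = []
    if host in KNOWN_DOH_HOSTS:
        reasons.append("known-doh-resolver")
    if parsed.path == DOH_PATH:
        reasons.append("rfc8484-path")
    if ctype == DOH_MEDIA_TYPE:
        reasons.append("dns-message-media-type")
    if not reasons:
        return None
    return {
        "src": src,
        "host": host,
        "reasons": reasons,
        "sanctioned": host in SANCTIONED_DOH_HOSTS,
    }


def find_doh(lines):
    """Classify every line and keep only the DoH findings, in input order."""
    return [f for f in (classify(line) for line in lines) if f]


def unsanctioned_sources(lines):
    """Source hosts that reached a DoH endpoint other than the sanctioned ones."""
    return sorted({f["src"] for f in find_doh(lines) if not f["sanctioned"]})


if __name__ == "__main__":
    for finding in find_doh(SAMPLE_LOGS):
        print(finding)
    print("investigate:", unsanctioned_sources(SAMPLE_LOGS))
```

The media-type and path checks matter more than the hostname list: a resolver reached by raw IP, as in the last sample line, matches nothing in the list yet is still caught. Sources that show up in `unsanctioned_sources` are the ones worth correlating with endpoint telemetry for the credential-theft behaviour the report describes.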
Contrary to speculation about AI-powered malware, Picus Security’s research found no significant increase in AI-generated threats in 2024. This suggests that current cybersecurity measures are effectively mitigating the risk posed by these advanced threats.
To combat the rise of sophisticated malware strains like “SneakThief,” Picus CTO and co-founder Volkan Ertürk recommended focusing on the top 10 MITRE ATT&CK techniques. By concentrating on these key techniques, security teams can disrupt the kill chain of malware early in the attack cycle, reducing the overall risk of successful breaches.
The report's methodology involved analyzing over one million malware samples collected in 2024, identifying 14,010,853 malicious actions, and systematically mapping them to the MITRE ATT&CK framework. This comprehensive approach provided valuable insights into the evolving threat landscape and highlighted the need for proactive cybersecurity measures.
Overall, the report underscores the growing threat posed by credential-stealing malware and the importance of implementing robust security measures to protect sensitive information. As cyber attackers continue to refine their tactics, organizations must stay vigilant and adapt their defenses to counter these evolving threats.