Pakistani companies have been advised to strengthen their cybersecurity posture by adopting digital risk protection services amid growing concerns over infostealer malware campaigns targeting corporate data and user credentials. The recommendation comes from cybersecurity company Kaspersky, which warned that organizations remain vulnerable to attacks that exploit user behavior to gain access to sensitive information. According to findings from Kaspersky Digital Footprint Intelligence (DFI), a significant proportion of infostealer infections originate from actions taken by users themselves, highlighting the continued importance of cybersecurity awareness alongside technical security controls. The company emphasized that businesses should take proactive measures to identify digital risks, monitor potential exposures, and improve protection mechanisms to reduce the likelihood of data theft and unauthorized access to corporate systems.
The research was based on an analysis of five million infostealer log files discovered on the dark web during 2025. These logs contained information stolen from compromised devices, including account credentials, browser cookies, and system metadata. Investigators also examined the original locations of malicious files on infected machines to better understand how attacks were initiated. The study found that the Windows temporary directory, commonly located within a user’s AppData folder, accounted for approximately 35 percent of all observed infections. This directory is frequently used by browsers to store downloaded content before it is permanently saved by users. Researchers concluded that a large number of infections occurred when users directly executed downloaded files from temporary browser folders. The findings indicate that attackers often succeed without relying on highly advanced techniques, instead taking advantage of unsafe user actions and weak cybersecurity practices. While sophisticated malware continues to evolve, the research showed that only 32 percent of infostealer attacks relied on methods such as process injection and living-off-the-land techniques, which are generally associated with more advanced malware families.
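A triage example for the finding above, added here and not taken from Kaspersky's research: it flags process-start records whose image path sits in the per-user temp directory and raises the priority when the parent process is a browser. The event field names, the sample records and the browser list are constructed assumptions.

```python
import re

# Per-user temp directory: C:\Users\<name>\AppData\Local\Temp\ (name may be an
# 8.3 short name such as BOBSMI~1) or its unexpanded environment-variable forms.
USER_TEMP = re.compile(
    r"^(?:[a-z]:\\users\\[^\\]+\\appdata\\local\\temp"
    r"|%temp%|%tmp%|%localappdata%\\temp)\\",
    re.IGNORECASE,
)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed list, extend as needed


def normalize(path):
    """Strip quotes, unify separators, collapse doubled backslashes (keeps a UNC prefix)."""
    p = path.strip().strip('"').replace("/", "\\")
    return p[:2] + re.sub(r"\\{2,}", lambda m: "\\", p[2:])


def runs_from_user_temp(image):
    return bool(USER_TEMP.match(normalize(image)))


def triage(events):
    """Return (findings, share of all events launched from the user temp directory)."""
    findings = []
    for e in events:
        if not runs_from_user_temp(e["image"]):
            continue
        parent = normalize(e["parent"]).rsplit("\\", 1)[-1].lower()
        # A browser parent suggests the file was opened straight from the download prompt.
        findings.append({**e, "priority": "high" if parent in BROWSERS else "review"})
    share = len(findings) / len(events) if events else 0.0
    return findings, share


# Constructed sample events (field names are hypothetical, not a real log schema).
EVENTS = [
    {"host": "WS-01", "image": r"C:\Users\alice\AppData\Local\Temp\setup_activator.exe",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "WS-01", "image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-02", "image": "c:/users/BOBSMI~1/appdata/local/temp/unpacked/game_mod.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-03", "image": r"C:\Users\carol\AppData\Local\Templates\tool.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in triage(EVENTS)[0]:
        print(f["priority"], f["host"], f["image"])
```

Legitimate installers and updaters also unpack to and run from this directory, so a match is a signal for review rather than a verdict.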
According to Kaspersky, two behaviors consistently appeared in many infection cases. The first involved downloading software from untrusted or unofficial sources, while the second related to attempts to activate software illegally. Researchers observed that victims frequently followed instructions provided by threat actors, including disabling security software before executing downloaded files. Such actions significantly increase the likelihood of successful malware installation and subsequent credential theft. The analysis revealed that malicious files were commonly disguised as legitimate software installers, activation tools, and game modifications. Although game-related content remains a popular lure among cybercriminals, researchers noted that the same distribution techniques can be adapted to deliver almost any type of malicious software. By presenting malware as useful or desirable applications, attackers continue to exploit trust and curiosity to compromise devices and gain access to valuable information.
Kaspersky reported that infostealer activity increased substantially during 2025, with infections rising by 59 percent compared to the previous year. The company stated that user behavior remains one of the most significant factors contributing to successful compromises, despite ongoing advancements in cybersecurity technologies. As cybercriminals continue to target credentials, cookies, and sensitive business information, organizations are being encouraged to implement stronger security awareness programs, improve monitoring capabilities, and adopt digital risk protection services to identify potential threats before they escalate. The findings underscore the importance of combining technical defenses with employee awareness initiatives, particularly as businesses face increasingly sophisticated attempts to harvest information through deceptive downloads and malware disguised as legitimate software. By addressing both technological and human risk factors, companies can strengthen their resilience against infostealer campaigns and reduce the likelihood of sensitive corporate data being exposed or traded on underground platforms.