Picus Security detailed its findings in the newly released Red Report 2025, based on an in-depth analysis of more than a million malware variants collected last year. The report found that a quarter of all malware (25%) targeted credentials in password stores.
Attackers are using a range of sophisticated extraction methods, said Dr. Suleyman Ozarslan, Picus Security co-founder and VP of Picus Labs, including memory scraping, registry harvesting, and compromising local and cloud-based password stores.
The researchers likened this increasing sophistication to “the perfect heist”, since most malware samples come with “more than a dozen malicious actions designed to help attackers evade defenses, increase permissions and exfiltrate data.”
Picus said it’s seen threat actors prioritizing “complex, prolonged, multi-stage attacks” that require a new generation of malware.
To tackle the threat, Ozarslan added, it is pivotal that people use password managers together with multi-factor authentication (MFA).