Password Stealer Increases in Southeast Asia, Indonesia Records 234,615 Attacks

JAKARTA - Global cybersecurity company Kaspersky has revealed that password stealer attacks targeting companies in Southeast Asia throughout 2025 increased by 18% compared to the previous year.

The highest increase in password stealer attacks occurred in the Philippines with an increase of 41%, followed by Malaysia 33%, Singapore 25%, Vietnam 21%, and Indonesia 7%. Meanwhile, Thailand is the only country that recorded a 21% decrease in attacks.

In detail, Indonesia recorded 219,195 attacks in 2024 and increased to 234,615 attacks in 2025. Malaysia rose from 183,053 to 244,061 attacks, while Vietnam remained the country with the highest number of attacks in the region with a total of 468,313 attacks throughout 2025.

Password stealer is a type of malware designed to steal passwords and other account information. This malware is able to extract confidential data stored in browsers and other applications, analyze caches and cookies, and even gain access to cryptocurrency wallet data.

The stolen credentials are then used by cyber criminals to gain unauthorized access to the victim's account. This action can be used to steal funds, steal identities, blackmail, and launch follow-up cyber attacks using the hacked account.

Managing Director of Kaspersky for Asia Pacific, Adrian Hia said that password stealers remain one of the most effective tools in the arsenal of cybercriminals, as they target the front door of every company/organization: user credentials.

"Kaspersky analyzed 193 million hacked passwords and found that 45% can be hacked within a minute, while only 23% are strong enough to withstand an attack for more than a year, highlighting how weak credentials continue to fuel large-scale intrusions," Hia explained.

He added that organizations need to adopt password managers that are capable of generating and storing credentials in a random and secure manner.

In addition, companies are also advised to implement multi-factor authentication, periodic credential audits, and privilege access restrictions.

According to Hia, employee training and the implementation of a cyber security culture in the company environment are also important steps to minimize the risk of password stealer attacks.