Report: Password stores are targeted by 25% of malware

A report from Picus Security analyzes more than 1 million pieces of malware gathered in 2024, finding an increase in credential-stealing malware. 25% of malware targets password stores to harvest credentials, representing an amount three times greater than 2023. Additionally, for the first time, stealing credentials from password stores has been featured in the top 10 techniques included in the MITRE ATT&CK Framework. These top 10 techniques account for 93% of malicious acts in 2024. 

According to the report, malicious actors are prioritizing multi-stage attacks that depend on a new generation of malware. The evolution of data-stealing malware includes heightened automation, persistence and stealth, with a majority of malware samples possessing more than a dozen actions to help malicious actors avoid defensive measures.

Additional findings from the report include:

• There are an average of 14 malicious actions in malware samples, increasing malware’s complexity and capabilities. 
• 11.3 million actions in 2024 included exfiltration and stealth techniques. 
• There was no significant increase in AI-driven malware tactics for 2024.  

https://www.securitymagazine.com/articles/101364-report-password-stores-are-targeted-by-25-of-malware