Cybercriminals are scaling back the volume of attacks in 2025 but not the damage. According to Gen’s Q1 2025 Cyber Threat Report, the start of the year saw a noticeable drop in the number of reported attacks globally. But this reprieve is largely cosmetic. The real change lies in the evolving sophistication of the threats, with a rising focus on financial fraud, social engineering, and mobile malware.
The report indicates that attackers are opting for quality over quantity, leveraging artificial intelligence and deception to execute more precise and damaging campaigns. The global cyber risk index held steady at 24.53%, continuing a high-risk trend from late 2024.
Financial Crime Gets Smarter, and Richer
Financially motivated attacks dominated the early months of 2025. One of the most notable came from the CryptoCore group, which used deepfakes and hijacked YouTube channels to promote fake cryptocurrency giveaways linked to President Trump’s inauguration. The scam reportedly generated about $3.8 million across 2,200 transactions.
On mobile, the Crocodilus banking trojan stood out. Designed to exploit smartphone accessibility features, it quietly stole crypto credentials, hitting hardest in Spain and Turkey. Meanwhile, fraud alerts surged, with LifeLock reporting a sharp uptick, underlining growing threats to consumer finances.
Breaches and Info Stealers on the Rise
While attack volumes dropped overall, data breaches spiked. The first quarter saw breach incidents climb over 36%, with compromised records up 186%. At the center of this surge was Lumma Stealer, a tool designed to grab credentials, crypto wallets, and two-factor authentication tokens. Authorities dismantled Lumma in a joint Europol and Microsoft operation, a rare win in an increasingly complex cyber battlefield.
Phishing also intensified, aided by trusted website builders like Weebly and Wix, which attackers used to host fraudulent login pages. Major phishing campaigns in the U.S. and Australia targeted telecom and streaming customers using emails that easily bypassed filters.
AI Shapes the Next Phase of Ransomware
Ransomware attacks remained steady, with Magniber accounting for two-thirds of global infections, affecting over 100,000 users. But the standout development was FunkSec, a ransomware strain allegedly built using AI-generated code. Experts say this could signal a broader trend, where AI allows even low-skilled actors to develop potent malware.
Notably, ransom payments dropped 35% year-over-year in 2024, a sign that fewer victims are paying up, likely due to better backup systems and more aggressive law enforcement targeting crypto exchanges used by criminals.
Users Are Tricking Themselves
An emerging threat involves so-called “scam-yourself” attacks, where users are manipulated into infecting their own devices. FakeCaptcha attacks, once limited to Windows, are now spreading to macOS, quietly delivering tools like the AMOS infostealer.
Fake browser update scams saw a 17-fold increase, especially in Europe. These tricks revive older malware strains like Wincir RAT, relying on users to install them manually. Gen says its software blocked more than 4 million such attacks in Q1 alone.
Social Media Remains a Cybercrime Goldmine
Facebook and YouTube continue to be exploited by scammers using compromised accounts and AI-generated personas. In one campaign, a fake influencer called “Thomas Harris” promoted fraudulent crypto tools through unlisted YouTube videos backed by paid ads. The ploy tricked users into deploying malicious smart contracts or copying dangerous code into fake coding environments.
These scams often rely on typo-squatted domains and mimic official branding to appear credible.
Mobile Malware Surges in Latin America and Asia
Mobile threats grew sharply, with adware and spyware on the rise. Gen reported a 25% increase in protected users. Brazil, Mexico, India, and Argentina were among the hardest hit. Mexico saw a 42% spike in adware infections, while spyware attacks surged 96% in Spain and 84% in Turkey.
New spyware strains like SpySolr and Tambir contributed to the rise, targeting mobile users with increasingly evasive techniques.
Global Risk Varies, But No Region Is Immune
Cyber risk remains uneven across regions. China, Georgia, and Vietnam were the most at risk in Q1, with rates between 39% and 48%. In contrast, countries like Japan (16.1%), Germany (20.1%), and France (24.9%) faced lower, but still significant, threat levels. The Nordic region showed the strongest resilience, with Finland, Sweden, and Norway all below 24%.
In Africa, where cyber threats are growing rapidly, tools like Avast and AVG play a key role in providing advanced, localized protection.
As cybercriminals become increasingly adaptive and AI reshapes the digital landscape, cybersecurity strategies must evolve rapidly. The Q1 data underscores a key message: fewer attacks do not mean less danger. In fact, the opposite may be true.