Singapore accounts for 25% of password stealer detections in Southeast Asia
Kaspersky data shows growing exposure to password stealers and spyware.
Singapore accounted for 25% of password stealer detections amongst Southeast Asian countries in 2025, according to data from Kaspersky, as the cybersecurity firm reported an 18% year-on-year (YoY) increase in such attacks across the region.
It trailed the Philippines, which recorded the highest share at 41% and Malaysia at 33%. Meanwhile, Indonesia posted a 7% increase, in contrast, Thailand saw a 21% decline.
Password stealers are malware designed to extract login credentials and other sensitive data from browsers and system files, which can then be used to access corporate accounts and systems.
Kaspersky said attackers are increasingly using stolen credentials to gain unauthorised access, which can lead to financial theft, identity compromise, and further network intrusions.
Adrian Hia, managing director for Asia Pacific at Kaspersky, said password stealers target user credentials as a primary entry point into organisations.
He added that weak passwords remain a key vulnerability, citing internal analysis showing a significant proportion of compromised passwords could be cracked within minutes.
The company said organisations should adopt password managers, multi-factor authentication, least-privilege access policies, and regular credential audits to reduce exposure.
It also recommended businesses deploy endpoint and extended detection and response tools, keep software updated, and use threat intelligence and incident response services to improve detection and containment of attacks.
Separately, Kaspersky said spyware detections against organisations in Singapore rose 111% in 2025 to 30,691 cases, the sharpest increase amongst Southeast Asian markets.