Spyware, Password-Stealing Malware Surge in Nigeria, Kaspersky Warns

Spyware and Password Stealers Lead Malware Growth

GLOBAL cybersecurity firm Kaspersky has raised alarm over a significant rise in data-stealing malware targeting users in Nigeria, warning that spyware and password-stealing programs recorded the fastest growth among cyber threats in 2025.

According to the company’s latest telemetry data, spyware attacks in Nigeria increased by 28 per cent year-on-year, while password-stealing malware rose by 22 per cent, making them the fastest-growing forms of malicious software detected in the country.

Spyware refers to malicious software secretly installed on a user’s device to collect personal information such as browsing activity, messages and login credentials. Password stealers, on the other hand, are designed to harvest account usernames and passwords, enabling cybercriminals to gain unauthorised access to online accounts.

Cybersecurity experts warn that once such information is compromised, attackers can exploit it for financial fraud, identity theft or corporate espionage.

Millions of Attacks Blocked in Nigeria

The cybersecurity firm disclosed that its security tools blocked more than four million online attack attempts targeting Nigerian users in 2025.

Online attacks typically involve various forms of malware, including spyware, exploits and password-stealing programs designed to infiltrate systems through the internet.

In addition to these online threats, Kaspersky reported that its software also prevented over nine million on-device attacks in the country. These threats often spread through infected external devices such as USB drives and compromised files transferred between computers.

Although exploit-based attacks declined slightly compared to the previous year, experts warn they remain a serious cybersecurity concern.

Exploits are specialised programs used by cyber attackers to take advantage of vulnerabilities in operating systems or applications. Once a weakness is detected, attackers can use the exploit to gain unauthorised access to a device or manipulate software to behave in unintended ways.

Ransomware Still a Major Risk

Despite not recording the fastest growth, ransomware remains one of the most dangerous threats to organisations, the cybersecurity firm noted.

Ransomware attacks typically involve hackers encrypting an organisation’s data and demanding payment to restore access. Experts say such attacks often target companies through supply chain vulnerabilities or trusted digital relationships.

According to Moses Munguti, Technical Expert and Team Lead for Africa at Kaspersky, stronger international cooperation is critical in tackling cybercrime across the continent.

He noted that global operations coordinated by INTERPOL, including Operation Serengeti, have demonstrated the importance of intelligence sharing in combating cyber threats.

Munguti added that both individuals and organisations have a responsibility to strengthen their cybersecurity posture by remaining aware of evolving digital threats and adopting good security practices.

Experts Urge Stronger Cyber Hygiene

Cybersecurity analysts say malware often infiltrates devices through phishing messages, fraudulent websites and social engineering tactics designed to trick users into revealing sensitive information.

Attackers also frequently exploit outdated operating systems, browsers or software applications with unpatched security vulnerabilities.

To reduce the risk of infection, experts recommend several basic cybersecurity practices, including:

• Carefully verifying links and attachments before opening them

• Downloading software only from official and trusted sources

• Regularly updating operating systems and applications

• Using strong and unique passwords for different accounts

• Enabling multi-factor authentication where available

• Installing reputable security software capable of detecting malware

• Regularly backing up important data

Experts emphasise that maintaining good digital hygiene and staying informed about emerging cyber threats remain among the most effective ways for users to safeguard their devices and personal data.