India Cyber Attacks

India figures among the primary target countries for at least two of the five most active infostealer malware families in the Asia-Pacific region, according to INTERPOL’s Asia and South Pacific Cyber Threat Assessment Report 2025/2026.

The report, prepared by INTERPOL’s Asia and South Pacific Joint Operations against Cybercrime (ASPJOC) and funded by the United Kingdom’s Foreign, Commonwealth and Development Office (FCDO), draws on surveys from 18 member countries, private-sector intelligence, and findings from Operation SECURE conducted in February 2025.

India in the crosshairs

India is listed as a primary target country for Negasteal, also known as Agent Tesla — a .NET-based information-stealing remote access trojan with keylogging capabilities that exfiltrates data via phishing emails.

A surge in Negasteal activity was recorded across the Asia-Pacific in April 2025, with campaigns targeting energy, manufacturing, logistics, and healthcare sectors. India is also named as a target for ZBot. This banking credential-stealing trojan has been used in large-scale fraud operations across countries with rapidly expanding digital banking sectors.

India additionally appears among the targeted countries for Lokibot, a trojan infostealer that spreads through phishing emails, malicious websites, and messaging apps, and steals credentials from browsers, email clients, and cryptocurrency wallets.

The five most active infostealers

Across the region, INTERPOL’s Operation SECURE identified five dominant infostealer families: RedLine Stealer, LummaC2, Lokibot, Negasteal, and ZBot.

These tools harvest login credentials, banking data, cryptocurrency wallets, and personally identifiable information. Stolen data is routinely traded on dark web forums and used to enable downstream crimes including ransomware deployment, identity theft, and financial fraud.

LummaC2, described in the report as the world’s largest infostealer, was active across Indonesia, Philippines, Viet Nam, Thailand, China, Papua New Guinea, Malaysia, and Singapore. Europol, in collaboration with Microsoft’s Digital Crimes Unit and Japan’s Cybercrime Control Centre, coordinated a separate operation to dismantle its infrastructure in 2025.

Ransomware and DDoS surge

The region recorded more than 135,000 ransomware-related attacks in 2024, affecting real estate, manufacturing, and financial services. A single ransomware attack on Indonesia’s National Data Centre disrupted over 280 essential services including immigration and airport operations.

DDoS attacks surged 92 per cent year-on-year in 2024. Government websites were the primary targets in the first half of the year, coinciding with major elections across the region, while financial institutions faced the brunt in the second half.

System intrusions accounted for approximately 80 per cent of all data breaches in the Asia-Pacific in 2024, with malware and ransomware present in 83 per cent and 51 per cent of cases respectively, per the 2025 Verizon Data Breach Investigations Report.

AI and deepfakes are powering fraud at scale

Artificial intelligence has emerged as a key accelerant of cybercrime across the region.

From February to June 2024, discussions about deepfakes on cybercriminal forums and Telegram channels popular among Southeast Asian threat actors increased by 600 per cent.

In February 2024, an employee at a multinational firm in Hong Kong was tricked into transferring USD 25 million after deepfake technology was used to impersonate company executives on a video call. In March 2025, a Singapore-based finance director narrowly avoided losing over USD 499,000 in a similar scheme involving deepfake impersonations of a CEO and CFO on a Zoom call.

AI-driven romance baiting scams operating out of Myanmar, Cambodia, and Laos have generated an estimated USD 37 billion in losses. Transnational organised crime groups operating scam centres across Cambodia, Lao PDR, Myanmar, and the Philippines — some involving forced labour — are estimated to generate close to USD 40 billion annually.

Online scams the most reported crime

Online scams and phishing ranked as the most widespread cybercrime type by volume across member countries surveyed.

More than a third of surveyed countries reported over 10,000 cases of online scams. Half reported financial losses exceeding USD 10,000, with several indicating losses above USD 100 million.

Phishing drew 5.5 clicks per 1,000 individuals per month across the region. Cloud applications were the primary target, accounting for 28 per cent of phishing clicks.

Law enforcement response

Operation SECURE in February 2025 brought together 26 countries to target infostealer infrastructure, resulting in arrests, server seizures, the takedown of more than 20,000 malicious IPs and domains, and hundreds of thousands of victim notifications.

In the 2025 ASP Desk survey, 66.7 per cent of law enforcement agencies across the region reported having already adopted AI tools, including deepfake detection systems and AI-assisted phishing site identification platforms.

INTERPOL’s 2026-2030 Strategic Framework positions cybercrime as one of four core operational pillars, alongside financial crime, counter-terrorism, and organised crime.