From January to June 2025, Kaspersky enterprise solutions detected and blocked the highest number of spyware attacks in Vietnam at 191,976, followed by Malaysia (96,539) and Indonesia (85,560).
Thailand ranked fourth with 21,014 spyware attacks targeting businesses and enterprises in the country.
Kaspersky’s report revealed that the number of spyware attacks against businesses in Southeast Asia spiked to 427,265 in the first half of 2025, which is 70.73% higher than the 250,260 incidents in the same period last year.
Spyware is a type of software that is secretly installed on a user’s computer to collect their data. Unlike malware, spyware typically does not harm the operating system, programs, or files. It runs on the device to monitor activity (e.g., keylogging, screen captures). It can be installed via online means, but its surveillance happens locally.
Step by step, spyware takes the following actions on your computer or mobile device:
• Infiltrate — via an app install package, malicious website, or file attachment.
• Monitor and capture data — via keystrokes, screen captures, and other tracking codes.
• Send stolen data — to the spyware author, to be used directly or sold to other parties.
In short, spyware communicates personal, confidential information about you to an attacker.
The information gathered might concern your online browsing habits or purchases, but spyware code can also be modified to record more specific activities.
Data compromised by spyware often includes confidential information such as:
• Login credentials — passwords and usernames
• Account PINs
• Credit card numbers
• Monitored keyboard strokes
• Tracked browsing habits
• Harvested email addresses
Recent years have also witnessed the emergence of commercial spyware, a form of “legal malware” sold to governments and law enforcement, which has become an urgent threat to organisations around the globe.
Commercial spyware functions like malware developed by private firms, designed to secretly monitor devices by stealing messages, eavesdropping on calls, tracking locations, and removing traces of its presence. Installation often exploits zero-click vulnerabilities, meaning victims don’t even need to click anything for infection to happen.
Pegasus is among the most infamous spyware families. It is known for zero-click infections via iMessage, WhatsApp, and other platforms and is capable of full device surveillance, including messages, calls, and location. In 2024, Kaspersky’s Global Research and Analysis Team (GReAT) created a lightweight technique to spot traces of advanced iOS spyware like Pegasus, Reign, and Predator by examining Shutdown.log, a forensic trail that had gone largely unnoticed until then.
“Spyware operates in the dark, silently siphoning off your most confidential information - from login credentials and account PINs to keystrokes and sensitive corporate data. The surge in spyware attacks targeting Southeast Asian businesses is nothing short of a regional cybersecurity emergency. Our report confirms that no market is safe from these insidious threats,” says Simon Tung, General Manager for ASEAN and Asia Emerging Countries (AEC) at Kaspersky.
“Critically, the emergence of commercial spyware means that an organisation can be compromised without an employee even clicking a single malicious link. This mandates a fundamental shift in defence strategy. Businesses must regard this as an immediate strategic risk, rather than a simple IT issue, and move beyond basic measures to adopt a proactive, multi-layered defence,” he adds.
Ensuring full protection against attacks using spyware is generally challenging. However, organisations can at least make life harder for potential attackers. Kaspersky suggests the following recommendations:
• Regularly update the software on all your devices. First and foremost: operating systems, browsers, and messaging apps
• Do not click on suspicious links — one visit to a site may be enough to infect your device
• Use a VPN to mask your internet traffic — this will protect you from being redirected to a malicious site while browsing HTTP pages
• Reboot regularly. Often, spyware can’t persist in an infected system indefinitely, so rebooting helps get rid of it
• Install a reliable security solution on all your devices
• Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.