Hackers are increasingly focusing on cracking password managers

Cybercriminals are increasingly targeting password managers in their attempts to hack accounts – this type of software is the target of a quarter of all malware, cybersecurity experts from Picus Security have reported.

Image Source: Kevin Ku / unsplash.com

Picus Security detailed its findings in its recently released Red Report 2025, which is based on an in-depth analysis of over a million malware variants collected last year. A quarter of the malware (25%) was designed to steal credentials from password vaults, a three-fold increase from the previous year. “Credential theft entered the top 10 most common methods in the MITRE ATT&CK Framework for the first time. The report shows that these top 10 methods accounted for 93% of all malware activity in 2024,” Picus Security said.

To steal passwords, hackers resort to various sophisticated means: extracting data from RAM and the registry, compromising local and cloud storage. Attacks are growing in volume and complexity, and malware is distinguished by increased stealth, persistence and automated mechanisms. Most samples of such software include “more than a dozen malicious actions designed to bypass protection, escalate privileges and extract data.”

Password managers are programs designed to generate, securely store, and automatically enter passwords for websites and applications. They relieve the user from having to remember them and are considered the basis for cybersecurity hygiene.