From January to June 2025, Kaspersky enterprise solutions blocked more than 2 lakh of spyware attacks targeting organisations in India. This is a 273% surge compared to the same period last year.
The global cybersecurity company notes that the stark rise in targeted spyware attacks rippling through corporate India is a wake-up call to firms across the country.
Spyware is a type of software, which is secretly installed on a user’s computer to collect their data. Unlike malware, spyware typically does not harm the operating system or programs and files. Runs on the device to monitor activity (e.g., keylogging, screen captures). It can be installed via online means, but its surveillance happens locally.
Step-by-step, spyware will take the following actions on your computer or mobile device:
● Infiltrate — via an app install package, malicious website, or file attachment.
● Monitor and capture data — via keystrokes, screen captures, and other tracking codes.
● Send stolen data to the spyware author, to be used directly or sold to other parties.
● In short, spyware communicates personal, confidential information about you to an attacker.
The information gathered might be reported about your online browsing habits or purchases, but spyware code can also be modified to record more specific activities.
Data compromised by spyware often includes collecting confidential info such as:
● Login credentials — passwords and usernames
● Account PINs
● Credit card numbers
● Monitored keyboard strokes
● Tracked browsing habits
● Harvested email addresses
The recent years have also witnessed the emergence of commercial spyware, a form of “legal malware” sold to governments and law enforcement, which has become an urgent threat to organisations around the globe.
Commercial spyware functions like malware developed by private firms, designed to secretly monitor devices by stealing messages, eavesdropping on calls, tracking locations, and removing traces of its presence. Installation often exploits zero-click vulnerabilities, meaning victims don’t even need to click anything for infection to happen.
Pegasus is among the most infamous spyware. It is known for zero-click infects via iMessage, WhatsApp, and other platforms and is capable of full device surveillance, including messages, calls, and location. In 2024, Kaspersky’s Global Research and Analysis Team (GReAT) has created a lightweight technique to spot traces of advanced iOS spyware like Pegasus, Reign, and Predator by examining Shutdown.log, a forensic trail that had gone largely unnoticed during that time.
In India, Kaspersky’s report revealed that the number of spyware attacks against businesses here ballooned to 2,18,479 in the first half of 2025, from just 58,578 incidents in the same period last year.
“Spyware is increasingly targeting corporate India because that’s where the data goldmine lies, sensitive deals, financial flows, and intellectual property. India today is home to global multinationals, a flourishing startup scene, and an ever-expanding fintech sector. This mix creates a treasure trove of valuable data that attackers want to capture, whether for profit, surveillance, or competitive advantage,” comments Jaydeep Singh, General Manager for India at Kaspersky.
“The fact that spyware campaigns exploit both cutting-edge technologies and older, unpatched systems shows how persistent these actors are. This is where threat intelligence moves from being optional to essential. It gives Indian organizations the clarity to see which spyware tools are in play, how attackers are operating, and where to focus defenses,” he adds.
Ensuring full protection against attacks using spyware is generally challenging. However, organizations can at least make life harder for potential attackers. Kaspersky suggests the following recommendations:
● Regularly update the software on all your devices. First and foremost operating systems, browsers, and messaging apps
● Do not click on suspicious links — one visit to a site may be enough to infect your device
● Use a VPN to mask your internet traffic — this will protect you from being redirected to a malicious site while browsing HTTP pages
● Reboot regularly. Often, spyware can’t persist in an infected system indefinitely, so rebooting helps get rid of it
● Install a reliable security solution on all your devices
● Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.
