Malware on the Rise: India's Cybersecurity Outlook for 2025
An analysis of India's malware detections from October 2023 to September 2024 identified Trojans as the most prevalent malware, with 140.48 million detections
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
In 2024, cybersecurity threats gained significant attention from Indian enterprises and the Indian government, both central and state. The most talked-about topic within industries was how to protect systems and maintain consumer trust amidst increasingly sophisticated cyberattacks, especially with hackers leveraging artificial intelligence (AI). A staggering 369 million malware detections were reported across 8.44 million devices in India, according to the India Cyber Threat Report 2025, released by the Data Security Council of India (DSCI) in collaboration with Seqrite.
Malware refers to any malicious software designed to harm digital devices, networks, and users. An analysis of India's malware detections from October 2023 to September 2024 identified Trojans as the most prevalent malware, with 140.48 million detections (43.25 per cent). This was followed by Infector malware with 110.75 million detections (34.10 per cent) and Worms with 27.38 million detections (8.43 per cent). Potentially Unwanted Applications (PUAs) accounted for 21.69 million detections (6.68 per cent), while other malware categories included Exploits (15.24 million, 4.69 per cent), Cryptojacking (7.31 million, 2.25 per cent), Ransomware (0.97 million, 0.30 per cent), and Adware (1.00 million detections, 0.31 per cent).
Android users at heavy risk
India, home to the largest base of Android users, faces a growing threat from malware, which accounts for 42 per cent of all cyberattack detections, showing a sharp rise in attacks targeting Android devices. Potentially Unwanted Programs (PUPs) made up 32 per cent of detections, while adware accounted for 26 per cent. These harmful programs can steal sensitive information like passwords and credit card details, disrupt device functions, and give hackers access to devices, often leading to further cyberattacks.
Top cities and sectors affected
Surat recorded the highest rate of detected cyber threats per device (endpoint) in India, with an average of 69.34 detections per endpoint, representing 14.58 per cent of total detections nationwide. For an industrial city like Surat, this is surprising, as it is not traditionally considered a technology hub. The report suggests two possible reasons: either the city has robust security monitoring or heightened exposure to threats. Bengaluru and Hyderabad followed closely, with detection rates of 56.75 (11.93 per cent) and 54.93 (11.55 per cent) detections per endpoint, respectively. Other cities significantly affected included Jaipur (55.73 detections, 11.72 per cent), Chennai (48.75 detections, 10.25 per cent), and New Delhi (44.55 detections, 9.37 per cent).
In terms of sectors, healthcare emerged as the most targeted industry for malware attacks in 2024, with a detection rate of 21.82 per cent. The hospitality sector followed at 19.57 per cent, reflecting its vulnerability due to reliance on guest services and payment systems. The BFSI (Banking, Financial Services, and Insurance) industry, with a detection rate of 17.38 per cent, remained a prime focus for cybercriminals targeting financial fraud and data theft. Education (15.64 per cent), MSMEs (7.52 per cent), manufacturing (6.88 per cent), and government systems (6.10 per cent) were among the other industries significantly affected in 2024.
Cloud-based platforms under attack
Widely used cloud-based file-sharing platforms, including Google Drive, Dropbox, and OneDrive, saw substantial misuse. Hackers leveraged their popularity and user trust to propagate malware and phishing schemes. Other platforms such as WeTransfer, Box, and Amazon S3 also became hotspots for malicious activity due to their ease of access and high data exchange rates. Even enterprise-focused platforms such as IBM Cloud, Oracle Cloud, and GitHub were exploited by attackers to host or disseminate harmful content. Interestingly, Microsoft Teams, a collaboration tool, also emerged as a target, reflecting the growing trend of exploiting trusted digital workspaces for cybercrime.
"The increase in the demand of behavior-based detections of malware represents an important evolution in both attack and defense strategies. This tells us that attackers are creating more sophisticated ransomware that can evade traditional signature-based detection methods," said Vinayak Godse, Chief Executive Officer of the Data Security Council of India.
Outlook for 2025
The increasing complexity of the cyber threat landscape demands that industry players stay two steps ahead of malicious actors. However, it would be overly idealistic to assume this as an absolute truth, given the unprecedented pace of emerging technologies and their adoption. While 2025 might not see complete maturity in cyber defense, significant strides could be made toward robust defense mechanisms and better data backup strategies to ensure smooth operations after a cyberattack. Additionally, partnerships between private and public entities, as well as education and awareness programs, could play a central role in bolstering cybersecurity efforts in 2025.