Vietnam sees spike in spyware attacks, ranking 2nd in Southeast Asia after Singapore

Its newly released statistics show the number of attacks increased by 78.8% compared from the same period last year to more than 1,500 cases a day.

Vietnam ranked second in Southeast Asia in the number of attacks after Singapore, and was among the top three countries in the region in terms of increase.

Explaining this surge, Simon Tung, Kaspersky’s general director for Southeast Asia, said the reason is that users are gradually moving all of their activities to the digital environment.

"Online platforms are becoming extremely vibrant, with countless commercial transactions, social network connections, and brand‑building campaigns. This, in effect, leaves behind digital footprints and opens many ‘gateways’ for hackers to attack."

The information collected through this type of software is exactly what cybercriminals are after, allowing them to carry out acts of fraud and asset appropriation, he said.

A hacker illustration. Photo courtesy of Kaspersky

Viettel Cyber Security’s Q3 2025 cyber risk report too recorded a clear rise in data‑stealing malware, including tools capable of quickly harvesting high‑value information such as cookies, session tokens, passwords, cryptocurrency wallets, and payment details.

According to VCS experts, the commercialization of malware has driven the continued expansion of this underground market, causing the volume of malicious code and its variants to increase sharply and making it harder to stop.

Hackers are increasingly focused on optimizing the capabilities of data‑stealing software, for example, by encrypting data before exfiltration, hiding it in HTTPS traffic, splitting it into smaller chunks to send multiple times, or embedding it into cloud services, images or videos.

Spyware is typically secretly installed on a user’s device to collect data. Unlike many other types of malware, spyware may not damage software or files on the machine, but quietly monitors user activity such as logging keystrokes, capturing screenshots or recording data entered into forms.

Spyware is often installed via online channels, but the monitoring activity can also take place within local networks.

Spyware can infiltrate a device through bundled application installers, compromised websites or infected files.

Once it gains access, it tracks and gathers data and sends the stolen information back to its operator for direct use or resale to third parties.

Pegasus, an Israeli spyware strain frequently mentioned in recent years, is notorious for its zero‑click infection capability via iMessage, WhatsApp and other platforms, and for being able to fully surveil target devices.

According to Kaspersky experts, the data collected can relate to users’ web‑browsing habits or their online shopping transactions.

Cybercriminals can also customize spyware code to record more specific types of activity. Sensitive data that is often compromised by spyware includes login credentials, passwords, bank card numbers, and browsing history.

Ensuring absolute safety against spyware attacks is a major challenge for businesses and organizations since every individual member can be a target for cybercriminals.

For end users, experts recommend several measures to make attacks more difficult to carry out, such as regularly restarting devices.

In many cases, spyware cannot persist long on a system, and rebooting can help temporarily remove malicious software running in the background.

Besides, users should frequently update their software, avoid clicking on suspicious links and use a VPN to protect and obscure their Internet traffic.