This edition of the Kaspersky 2025 Security Bulletin focuses on cybersecurity in the Retail and E-commerce sector, examining real-world incidents and key threat trends affecting everyday users, while also addressing selected security challenges within the B2B segment.
2025 retail & e-commerce cybersecurity in figures
14.41% of users in the retail sector faced web threats.*
22.20% of users in the retail sector faced on-device threats.*
8.25% of retail & e-commerce companies faced ransomware this year.**
152% more unique B2B users in the Retail & E-commerce sector encountered ransomware detections in 2025 compared to 2023.***
6.7 million phishing attacks which targeted users of online stores, delivery companies and payment systems were identified by Kaspersky.*
50.58% of these phishing attacks were targeting online stores.*
*November 2024 through October 2025.
**KSN Data, November 2024 through October 2025.
***Nov 2024 – Oct 2025 vs Nov 2022 – Oct 2023.
A look at 2025 cybersecurity for retail & e-commerce: trends and what happened
A stealer with a taste for pizza delivery
Shopping and food ordering via mobile apps are routine user behaviors. However, 2025 demonstrated that even downloading a seemingly legitimate app from an official app store does not guarantee safety, nor does it ensure that user data and financial credentials will not be compromised.
In February 2025, we identified applications in the official Apple App Store and Google Play that were infected with the SparkCat stealer, a malware designed to steal cryptocurrency wallet information by analyzing photos stored on the device. Among them was the ComeCome food delivery app for iOS, which was infected along with its Android counterpart. The app operated in the UAE and Indonesia and had over 10,000 downloads at the time of discovery.
Ransomware detections in the B2B sector increased due to a single dominant actor
The number of unique users in the Retail & E-commerce sector who encountered ransomware detections increased by 152% in 2025 compared to 2023 (Nov 2024 – Oct 2025 vs. Nov 2022 – Oct 2023). The most significant growth occurred during the 2024-2025 period and is largely attributable to the rapid spread of the Trojan-Ransom.Win32.Dcryptor family, which became highly prevalent across the retail and e-commerce sector in some of the analyzed markets. This malware is a trojanized ransomware variant that leverages the legitimate DiskCryptor utility to encrypt disk partitions on victim systems.
Worldwide, 8.25% of organizations in the retail & e-commerce sector were affected by ransomware, with 9.46% in Latin America, 7.1% in Russia & CIS, and 5.12% in APAC (KSN Data, November 2024 through October 2025).
Phishing activity in the online retail segment stood out
Despite being a long-established attack technique, phishing remains highly prevalent in the context of online purchasing. From November 2024 through to October 2025, Kaspersky products blocked 6,651,955 attempts to access phishing links targeting users of online stores, payment systems, and delivery services. Of these attempts, 50.58% targeted online shoppers, 27.3% impersonated payment systems, and 22.12% targeted users of delivery companies.
The sizeable share of delivery-themed lures indicates a move toward post-purchase fraud: scams that exploit shipment tracking, failed delivery, or “additional fee” narratives, expanding the attack surface across the entire customer lifecycle and increasing exposure even after checkout.
Sales seasons continue to do the work for attackers
Seasonal peaks in online shopping consistently provide attackers with predictable opportunities to scale user-focused attacks. Periods of heightened promotional activity lower user vigilance and allow familiar phishing and spam scenarios to blend into legitimate marketing traffic, increasing their overall effectiveness.
Black Friday-related campaigns were especially prominent. In the first two weeks of November 2025, Kaspersky detected 146,535 spam emails linked to seasonal sales, including 2,572 messages associated with Singles' Day promotions. Many of these campaigns relied on previously observed templates, advertising early-access discounts and directing users to fraudulent pages.
Predictions: what retail & e-commerce cybersecurity might face in 2026
Chatbots are likely to become a common product discovery tool across online marketplaces
Unlike traditional search, conversational interfaces encourage users to share more detailed, natural-language requests, revealing preferences, constraints, and contextual information. This shift expands the privacy attack surface, as platforms accumulate richer user profiles through chat interactions. As a result, chatbot logs may become as sensitive as transactional data, increasing the risks of over-collection, misuse, or exposure of personal information.
Search itself is changing, including how people look for products online. In 2025, there was a gradual shift from simple keyword queries to more conversational and visual ways of finding what to buy. As these models rely on broader user input, careful handling of the data involved will remain an important consideration for maintaining user trust.
Anna Larkina
Web data and privacy Analysis Expert at Kaspersky
Changes in taxes and trade rules might be exploited in online fraud
Changes in taxes, import duties, and cross-border trade rules are likely to be used as lures in phishing campaigns and fraudulent online stores, promoting unrealistically cheap offers or claims of avoided fees. Continually evolving pricing and fee rules across markets may lower vigilance, increasing the effectiveness of such schemes, particularly against small and mid-sized retailers.
AI-powered shopping assistants are expected to increasingly operate outside retail platforms,
embedding themselves into browsers, mobile apps, and third-party services. While designed to simplify navigation and price discovery, these tools shift data collection beyond the retailer’s perimeter, creating new and less visible privacy risks. To function effectively, external AI shopping agents require continuous access to user behavior, including browsing activity, search intent, location context and product interactions across multiple sites. This enables the aggregation of detailed behavioral profiles outside the direct control of both users and retail platforms, increasing the risks of over-collection, opaque data usage, and unintended exposure.
Image-based product search might become a new challenge in privacy risks
Previously, the main privacy concern around user images in e-commerce was limited to photos voluntarily shared in product reviews. However, image-based product search is expected to make photo uploads a routine part of the shopping experience across major retail platforms. While this feature improves product discovery, it also increases the risk of unintended exposure of personal data. User-submitted images may contain faces, home environments, or sensitive details, such as names, phone numbers, or addresses visible on shipping labels or packaging, making secure processing, data minimization, and limited retention critical requirements for retailers.
Recommendations for users and organizations
Kaspersky experts recommend the following to keep safe:
- Guard your privacy with smart tools. Be cautious about what you share and avoid uploading personal images or details in queries. Your interactions help build a profile used for ads and service improvements.
- Verify senders and links. Don't trust discounts or order notifications from emails or messages. Always double-check the sender's address and manually type the store's website URL into your browser instead of clicking on any links you receive.
- Research the store before buying. If you're shopping at a new or unfamiliar online store, take a moment to check its legitimacy: look for customer reviews, ensure the website address is spelled correctly, and confirm that the site pages look professional and polished.
- Monitor your card transactions regularly. Fraudulent charges can slip through unnoticed. Make it a habit (e.g., once a week) to log into your online banking or mobile app to review all recent transactions. If you spot anything suspicious, block your card and contact your bank immediately.
- Adopt a proactive security approach to protect against malware and data theft. Use reliable cybersecurity software like Kaspersky Premium to prevent infections and scan your device regularly. If you discover an infected app, remove it immediately and do not reinstall it until a confirmed, clean update is released. Complement this by managing sensitive data securely: avoid storing passwords or recovery phrases in your photo gallery or notes; instead, use dedicated, trusted password software such as Kaspersky Password Manager.
For retail & e-commerce organizations we recommend:
- Protect corporate infrastructure against a wide range of threats, including phishing and ransomware. Use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and advanced response capabilities. If a company lacks cybersecurity workers, it can adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and / or Incident Response that covers the entire incident management cycle – from threat identification to continuous protection and remediation.