Password managers, long considered a cornerstone of digital security, are facing unprecedented levels of attacks from cybercriminals according to new research.
A comprehensive analysis by Picus Security reveals that malware targeting password storage systems has tripled in the past year, now accounting for 25% of all malware variants. The findings, detailed in their Red Report 2025, examined over one million malware samples.
The attacks have evolved beyond simple breach attempts. Cybercriminals are deploying sophisticated extraction methods including memory scraping, registry harvesting, and compromising both local and cloud-based password stores. These complex operations often involve multi-stage attacks using advanced malware designed to evade security measures while gaining elevated access privileges.
"For the first time ever, stealing credentials from password stores is in the top 10 techniques listed in the MITRE ATT&CK Framework," notes the report, with these techniques representing 93% of all malicious actions in 2024.
Dr. Suleyman Ozarslan, Picus Security co-founder, recommends users combine password managers with multi-factor authentication (MFA) for enhanced protection. He also stresses the importance of using unique passwords, particularly for accessing password management tools themselves.
The surge in attacks poses a growing threat to individuals and organizations relying on password managers to secure their digital accounts. While these tools remain valuable for generating and storing strong passwords, the rising sophistication of attacks highlights the need for additional security measures.
Security experts maintain that password managers continue to be an effective security tool when properly implemented with additional protective measures like MFA, regular updates, and strong master passwords.