India Tops Global Malware Infection Chart, Ranks 8th in Cyber Threat Exposure: Microsoft Report
India has emerged as the top target for Lumma Stealer malware, with over 44,000 infected Windows devices between March and May 2025, according to Microsoft’s Digital Defense Report. The country ranks eighth globally in overall cyber threat exposure, facing rising identity-based attacks and infiltration by North Korean IT operatives.
Published Date - 23 October 2025, 10:56 PM
Hyderabad: India has emerged as the country most affected by a prolific malware strain while ranking eighth globally in overall cyber threat exposure, according to Microsoft’s Digital Defense Report 2025 released on Thursday.
The comprehensive report, which analyzes over 100 trillion daily security signals from across the globe, reveals that India recorded 44,197 Windows devices infected by Lumma Stealer malware between March 16 and May 16, 2025, the highest number worldwide. This placed India ahead of Russia (40,868 infections), Brazil (21,137), and the United States (15,647) in terms of malware impact.
India’s Global Standing
In the broader cybersecurity landscape, India ranked eighth among countries most frequently impacted by cyber threats during the January-June 2025 period, accounting for 2.3% of total global incidents. The United States led the list with 24.8% of incidents, followed by the United Kingdom (5.6%), Israel (3.5%), and Germany (3.3%).
“While users globally are at risk, we’ve observed most attacks in the last six months focused on the United States, the United Kingdom, Israel, and Germany,” the report states, with India following closely among the top ten affected nations.
Key Findings for India
The report identifies Lumma Stealer as “the most prevalent infostealer observed in the last year,” describing it as a malware-as-a-service platform that is “inexpensive, feature-rich, and constantly evolving”. The malware specializes in stealing credentials, hijacking user sessions, and draining cryptocurrency wallets.
According to Microsoft’s findings, India was particularly vulnerable to this strain, which affected multiple countries across Asia, including China (6,086), Vietnam (9,310), and Indonesia (14,681).
North Korean IT Worker Threat
The report also highlights India’s exposure to an emerging threat: North Korean remote workers. India appeared among the top ten regions targeted by North Korean threat actors, with 2% of global North Korean cyber operations directed at India.
“For over a decade, North Korea has remotely stealthily embedded tens of thousands of workers at organizations around the world in a trend that is quickly accelerating,” the report warns, noting that these workers “remit hundreds of millions of dollars a year to North Korea”.
Identity-Based Attacks Surge
India, along with other Asia-Pacific nations, faced increased identity-based attacks, which rose by 32% in the first half of 2025. The report emphasizes that “identity-based attacks rose by 32%. This escalation may reflect adversaries’ increasing use of AI to craft highly convincing social engineering lures—posing new challenges for detection and response at scale”.
The research and academia sector, which has a significant presence in India, accounted for 39% of all identity compromise incidents observed by Microsoft, making it the most targeted sector for identity-based attacks.
Expert Recommendations
Microsoft’s cybersecurity experts recommend that organizations prioritize several defensive measures: implementing phishing-resistant multifactor authentication (MFA), which “blocks over 99% of unauthorized access attempts”; regularly updating systems to patch vulnerabilities; and educating users about deceptive downloads and social engineering tactics.
The report notes that “credential theft has become a leading concern” globally, with increased data breaches and frequent infostealer malware infections affecting regions including Asia.
While India ranked eighth in overall cyber threat exposure, the country’s vulnerability to specific malware strains like Lumma Stealer underscores the need for enhanced cybersecurity infrastructure. The Microsoft Digital Crimes Unit successfully disrupted Lumma Stealer operations in May 2025, seizing over 2,300 malicious domains, but the threat remains significant.
As digital transformation accelerates across India, cybersecurity experts stress that both public and private sector organizations must invest in robust defense mechanisms to protect critical infrastructure and sensitive data from increasingly sophisticated cyber threats.