2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025

Executive summary: Recorded Future's 2025 Identity Intelligence report documents massive growth in credential theft driven by infostealer malware — reporting billions of credential exposures (e.g., 1.95B malware combo list exposures, 892M malware log exposures), an average of 87 stolen credentials per infected device, and 276M credentials that included active session cookies enabling MFA bypass — and attributes activity to evolving MaaS families (LummaStealer, Rhadamanthys, Vidar, StealC, AMOS/MacSync), while urging continuous monitoring, cookie/session invalidation, automated remediation, and coverage of personal and third-party devices.