SneakThief and the Rise of Credential-Stealing Malware: A 2025 Cybersecurity Analysis

After analyzing over a million malware samples collected in 2024, researchers discovered that 25% were designed to steal user credentials. This figure is three times higher than in 2023, pushing credential theft from password stores into the MITRE ATT&CK framework’s top 10 techniques. These techniques accounted for 93% of all malicious cyber activity last year.

Picus Security’s Red Report 2025 highlights that cybercriminals are increasingly focusing on complex, multi-stage attacks that demand a new generation of malware. Researchers have coined the term SneakThief to describe a new wave of information-stealing malware that emphasizes stealth, persistence, and automation.

According to the report, attackers are refining these malware attributes to execute "the perfect heist." Most modern malware samples are now equipped with over a dozen malicious functions designed to bypass security measures, extract sensitive data, and more.

Despite growing concerns, researchers found no evidence that AI-driven malware is being actively used. On average, malware samples can execute 14 malicious actions, with exfiltration and stealth tactics accounting for 11.3 million cybercrime incidents in 2024.

"Focusing on the top 10 MITRE ATT&CK techniques is the most effective strategy for disrupting sophisticated malware as early as possible," said Volkan Ertürk, CTO and co-founder of Picus. "SneakThief is no exception—by concentrating on just 10 of MITRE’s techniques, enterprise security teams can prevent 90% of malware threats."