Brazil Ranks 2nd in Countries Most Targeted by Malware in 2025, According to Acronis

Brazil has solidified its position as one of the most targeted countries by cybercriminals in 2025, according to the report Acronis Cyberthreats Report H1 2025, ranking second in malware detections – only territories where the company has a presence were diagnosed. The study, published by the entity analyzing the global cyber threat landscape in the first half of the year, also revealed that the country is among the top growing targets for ransomware and phishing attacks.

In May 2025, 11% of Brazilian users experienced at least one malware detection, second only to India at 12.4%. Brazil also ranks among the primary targets of ransomware groups such as LockBit, Play, and 8Base, which exploit known vulnerabilities and phishing campaigns to compromise companies.

According to the report published by the Acronis Threat Research Unit (TRU), phishing and social engineering remain the most commonly used attack vectors, with a notable shift of scams to collaboration applications (such as Microsoft Teams and Slack).

The research indicates that Brazil consistently showed high detection rates throughout the 15-month period, with peaks in March and September 2024 and again in March and May 2025. This aligns with repeated spear-phishing campaigns employing Astaroth – a malware that demonstrated a strong focus on specific sectors, with 27% of attacks targeting manufacturing and 18% targeting the IT sector, for example.

Global trends impacting Brazil

The study highlighted the increasing use of artificial intelligence in cyber attacks, such as hyper-realistic phishing, deepfakes in financial fraud, and autonomous malware. The "cybercrime-as-a-service" model further democratizes access to sophisticated attacks, expanding risks for companies of all sizes.

Globally, Acronis also observed significant evolution in the use of malicious URLs in phishing campaigns. European countries including Germany, Switzerland, France, Italy, and Spain faced attack spikes between late 2024 and the first half of 2025. These scams ranged from impersonation campaigns of tax authorities to the use of deepfakes and voice cloning to deceive victims in high-impact financial fraud. In France, for example, over 160,000 users were exposed to malicious links in a single coordinated attack.

"These trends reinforce that Brazil is not isolated but embedded in a global context of increasingly sophisticated attacks, where the use of social engineering combined with new technologies – such as AI, spoofing, and fraudulent domains – can amplify the scale and impact of digital threats," states Regis Paravisi, Country Manager of Acronis in Brazil.

About the report

The Acronis Cyberthreats Report H1 2025 is published by the company's research team, the Acronis Threat Research Unit (TRU), and is based on data collected between January and June 2025 from over one million endpoints monitored globally. The analysis consolidates information on malware, ransomware, vulnerabilities, and emerging cybersecurity trends.