Analysis of South Korea’s recent wave of data breaches shows how large-scale leaks are reshaping phishing tactics worldwide, replacing mass scams with precision attacks. Cybercriminals are increasingly using data-stealing mobile apps and leaked personal data to carry out highly targeted campaigns.
According to a new analysis by AI security firm EverSpin, last year’s hacking incidents affecting South Korean telecom operators, credit card companies, and retailers marked a turning point in cybercrime tactics.
Rather than relying on mass-distribution phishing campaigns, attackers are increasingly using stolen personal data to identify individuals most likely to fall victim, often through malicious smartphone apps designed to quietly harvest sensitive information.
EverSpin’s findings are based on data collected from its malicious app detection solution, FakeFinder. The firm recorded 924,419 malicious apps in 2025, an 11 percent drop from the previous year. While that decline might appear encouraging, EverSpin warns it reflects an escalation rather than a reduction in threat activity.
An EverSpin official said that in the past, attackers focused on “quantity” by pushing malicious apps to as many people as possible. But now they are carrying out “qualitative attacks” selecting specific targets based on leaked personal data.
“That's because data such as real names, phone numbers, and detailed purchase histories obtained through hacking provided hackers with clear targeting and attack guidelines,” the official said. They reason this shift makes these campaigns far more effective and harder to detect.
Precision attacks replace mass phishing
On the positive side, the data shows a clear decline in traditional phishing methods, suggesting people are becoming less susceptible to obvious scam techniques. However, at the same time, malicious apps focused on stealing personal information surged by 53 percent, overtaking all other categories to become the most prevalent threat.
Based on documented cases, EverSpin said victims were often contacted using their detailed order histories obtained through breaches. They were then prompted to resolve issues such as delivery address errors. These messages appeared legitimate enough to persuade users to install malicious apps, which then requested extensive permissions under the guise of customer service or verification tools.
Once installed, the apps monitored incoming messages, accessed stored images, and collected authentication credentials.
The official said the hacking incidents of 2025 effectively served as a playbook for cybercriminals as they revealed exactly what kind of apps attackers need to build to make these crimes succeed.
From a broader perspective, as large-scale data breaches continue to expose detailed personal information worldwide, targeted phishing campaigns powered by mobile malware are likely to become a dominant global threat.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked