Experts have warned of an increase in the number of malware cases.

In April 2025, the number of requests related to the spread of malicious software continued to increase on the Runet. This follows from the data from the Coordination Center of the .RU/ domains.The Russian Federation, which was reviewed by Izvestia on May 23.

As part of the Domain Patrol project, 4,685 complaints about the misuse of domains in the zones were sent to registrars in April.RU and .RF. Of these, 2,624 requests related to phishing, and 1,238 related to the spread of VPO, which is 97 more requests than in March (1,141 requests), and 2.6 times higher than in February (462 requests).

Experts noted that the trend towards an increase in the use of VPO in Runet is more clearly observed against the background of a general decrease in phishing. In the first four months of 2025, the number of phishing requests decreased by 35% compared to the same period last year (from 16,234 to 10,543), while the number of requests related to the spread of VPO, on the contrary, increased almost fourfold — from 823 to 3,260 requests.

As noted by the data analyst of the .RU/ Domain Coordination Center.Russian Federation Evgeny Pankov, the main reasons for this growth were the development of technologies for developing malicious software, which contributes to the creation of new types of attacks and the possibility of experimenting with their types and characteristics.

From a black approach: hackers have quadrupled their attacks on Russia

The public sector, postal services and cargo and passenger transportation were among the most affected industries.

"VPO attacks allow us to implement more and more sophisticated attack scenarios: from covert data collection to full control over the victim's device. Unlike classic phishing, which users are already relatively aware of, malware acts unnoticed. It can get onto the device through a fake application, an attachment in an email, or an uploaded file," he said.

According to him, after installation, the VPO becomes part of a multi-level attack scheme: attackers gain access to correspondence, personal data, and banking information and can send phishing messages on behalf of the compromised user. The hidden nature of malicious software makes it particularly dangerous.

"Users often do not recognize the threat in time, which significantly increases the effectiveness of attacks. In fact, this is a new form of phishing — less noticeable, but no less destructive," Pankov added.

VPO attacks can be carried out without traditional phishing. More and more often, attackers use bots in Telegram, which spread malware under the pretext of downloading "mods" or add-ons to popular games. The installed software is capable of collecting data on bank accounts, logins, passwords and executing remote commands on an infected device, experts said.

Cyber attacks are becoming more complex and invisible, based on the use of malware, so companies and users need not only to constantly improve digital literacy, but also to build a systematic approach to protecting data and infrastructure, Pankov stressed.

Earlier, on February 26, Mikhail Khlebunov, Servicepipe's product director, told Izvestia that the number of DDoS attacks against telecom in Russia increased throughout 2024 and this trend continued in 2025. He noted that the attackers used the tactics of multi-vector carpet attacks, when malicious traffic goes to multiple IP addresses at once.