The International Police Organization (Interpol) has listed Nepal as a country at high risk of cybercrime. In a report released by Interpol on Wednesday, Nepal was included in the list of countries that are the main targets of the 'Infostealer' malware used by cybercriminals.

According to the report 'Asia and South Pacific Cyber ​​Threat Assessment 2025/2026', countries including Nepal are at high risk of the malware called 'Redline Stealer'. Along with Nepal, the countries targeted by the 'Redline Stealer' malware include Cambodia, Fiji, Vietnam, Kiribati, Laos, the Philippines and Timor-Leste.

According to Interpol's definition, Redline is a dangerous 'Infostealer' (information or data stealing) malware. Its main function is to collect confidential and sensitive details from the user's computer, laptop or mobile phone without their knowledge and send them to the criminals' servers.

'Redline Stealer is a frequently seen 'infostealer' malware that targets login details, browser data, cryptocurrency wallets and system information,' the report said. 'Due to its ability to effectively collect sensitive data, Redline is the most popular 'infostealer' in Asia and the South Pacific. As a result, Redline has become a leading cause of data theft and financial fraud in the region.'

This malware has been widely available on the cybercrime black market (dark web) since 2020. This malware has become the first choice of both novice and professional cybercriminals around the world because it is much cheaper and easier to use than other sophisticated malware.

Since it does not require any major technical knowledge to operate and is easily available in the market, the number of criminal groups using it is increasing day by day. This malware is mainly spread widely through phishing emails, unsafe and misleading advertisements on the Internet, and 'cracked' or pirated (stolen) software downloaded from various channels.

The financial sector is the first target

In Nepal, especially the financial sector and banking system are its first and biggest targets. Nowadays, even though the general public has increased the use of mobile banking and digital wallets to protect their accounts, Redline malware is easily stealing such financial details and committing financial fraud on a large scale due to the habit of not keeping strong passwords for the security of their accounts or saving passwords in the browser.

In addition to the financial sector, Nepal's healthcare sector is also at great risk, where even though sensitive health details of patients are kept in online systems, their security is not given enough attention. Similarly, the education sector and the growing e-commerce market have also been hit by redline malware, where the personal information of customers and students remains unprotected.

The report suggests that with the increasing use of digital systems in the logistics and retail sectors, large-scale data theft and blackmail and financial fraud have increased due to the lack of strong security mechanisms.

The fear of cybercrime has also increased with the recent expansion of the digital economy in Asia and the South Pacific. More than half of the 18 countries surveyed by Interpol have high rates of cybercrime. 'More than half of the 18 countries surveyed admitted that cybercrime accounts for more than 30 percent of the total crime registered in their countries,' the report said.

These are the 5 risks highlighted by the report

The report highlights 5 major risks. According to the report, the biggest risk now is online scams and phishing. In online scams, criminals use various enticements, false investment schemes, or relationships of trust to steal a person's assets. Then there is the threat of banking Trojans and infostealer malware. Malware like 'Redline' operates with the aim of stealing sensitive user details by hiding on devices.

The third biggest risk is considered to be 'ransomware'. In such attacks, criminals take control of a computer system and hold data hostage and demand a ransom in return. In fourth place is the flow of deepfake and misinformation, where artificial intelligence is used to imitate a person's appearance and voice to deceive. The fifth risk is business email compromise (BEC), in which financial transactions between companies are diverted through fake emails.

The report notes that the misuse of AI has been accelerating in recent years. It is estimated that losses worth about $37 billion have been caused by the 'online love and investment lure' scam called 'romance betting', especially in Southeast Asia. In this, criminals use deepfake videos and fake voices to pressure employees to transfer money under the guise of executives of large companies.

To avoid such risks, Interpol has urged all internet users to adopt 'multi-factor authentication' (MFA). Implementing a two-tier security system from social media to banking services can keep accounts safe even if passwords are stolen.