Cyber crime is not limited to India’s big cities.

Non-metros like Jalalpur in the northern state of Uttar Pradesh, Bhubaneswar in Odisha, and Patna in Bihar have emerged as among the 15 cities in the country that are most vulnerable to cyber attacks in 2019, according to a recent report by Pune-based antivirus firm Quick Heal.

The ranking is topped by India’s financial capital, Mumbai, which clocked the highest detection of malware – any software designed intentionally to harm a computer –among all Indian cities last year.

Among Indian states, Maharashtra topped the ranking in 2018. Other significant business hubs such as Delhi and Telangana were also among the 12 most affected regions.

The danger

The most common virus detected on Windows devices in India in 2018 was Trojan, a software that misleads users about its true intent, the Quick Heal report said. Trojan most commonly spreads through email attachments, malicious websites, and suspicious pop-ups.

On Andriod devices in India, in 2018, malware commonly attacked through third-party app stores other than Google Play. In 2019, there is a higher threat of cyber crimes on mobile devices, the report said.

Digital payments, which have gained popularity in India over recent years, will be especially vulnerable to cyber attacks this year, the report said. There will also be an increase in malware that “skim” websites for payment-related log-in credentials and other sensitive information such as credit card details, the report predicts.

This article first appeared on Quartz.