Smartphones have become the primary computing platform for billions of users worldwide. They store sensitive personal data, banking credentials, authentication tokens, and corporate information—making them attractive targets for cybercriminals.
The 2025 Mobile Threat Report by Kaspersky highlights how the mobile threat ecosystem continues to evolve with sophisticated malware campaigns, banking Trojans, pre-installed backdoors, and malicious applications infiltrating both official and unofficial app stores. This blog breaks down the key findings, trends, and implications for mobile security.
The Growing Attack Surface of Mobile Devices
Mobile devices are no longer just communication tools—they function as digital identity hubs. As a result, attackers increasingly adopt mobile-first attack strategies to compromise users and organizations.
Reports show a noticeable rise in mobile attacks. For instance, Android smartphone users experienced 29% more attacks in the first half of 2025 compared to the same period in 2024, demonstrating how quickly the threat landscape is expanding.
Cybercriminals exploit several distribution channels:
- Malicious apps disguised as legitimate utilities
- Third-party app stores and APK sideloading
- Compromised firmware on low-cost devices
- Social engineering attacks such as smishing
- Malicious advertising and click-fraud campaigns
The mobile ecosystem is particularly vulnerable because users tend to trust mobile apps more than desktop software.
Mobile Malware Statistics in 2025
According to data from Kaspersky Security Network, mobile malware activity remained significant throughout 2025.
Key statistics include:
- Over 12 million attacks involving mobile malware, adware, or unwanted software were blocked in Q1 2025.
- Around 180,000 malicious installation packages were detected during the same period.
- In Q2 2025, security solutions blocked 10.71 million mobile attacks.
- By Q3 2025, researchers identified over 197,000 malicious mobile app samples, showing continuous threat activity.
Despite fluctuations across quarters, Trojans remain the most prevalent type of mobile malware, particularly those targeting banking applications.
The Rise of Mobile Banking Trojans
Financial malware continues to dominate the mobile threat landscape.
Banking Trojans are specifically designed to:
- Steal login credentials from banking apps
- Intercept SMS-based one-time passwords
- Overlay fake login screens
- Perform fraudulent transactions
In 2025, the Mamont family of banking Trojans became one of the most active malware families targeting Android users.
The number of detected banking Trojan installation packages reached tens of thousands in several reporting periods, highlighting the increasing focus on financial fraud.
These Trojans often hide inside seemingly harmless apps such as:
- Movie streaming apps
- Gaming applications
- Utility tools or VPN apps
Once installed, they gain accessibility permissions and begin monitoring user activity.
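The behaviours listed above (SMS one-time-password interception, fake login overlays, accessibility access) each depend on a specific Android permission, so a requested-permission check is a useful first triage step. The following is an added example, not code from the Kaspersky report or this post; it assumes the manifest has already been decoded to text XML, and the capability labels, the flagging rule and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Behaviour named in the post -> permissions that enable it (labels are this example's own).
CAPABILITIES = {
    "sms_otp_interception": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "screen_overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "accessibility_service": {P + "BIND_ACCESSIBILITY_SERVICE"},
    "payload_install": {P + "REQUEST_INSTALL_PACKAGES"},
}

# Constructed sample manifests (not taken from any real app).
STREAMING_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freemovies">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SCREEN_READER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.reader">
  <application>
    <service android:name=".Reader"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def capabilities(manifest_xml):
    """Return the capability labels that a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(NS + "name") for e in root.iter(tag)}
    # Accessibility services are declared on <service android:permission=...>.
    requested |= {e.get(NS + "permission") for e in root.iter("service")}
    return {label for label, perms in CAPABILITIES.items() if perms & requested}

def triage(manifest_xml):
    """Flag apps that pair accessibility access with SMS or overlay access."""
    caps = capabilities(manifest_xml)
    paired = caps & {"sms_otp_interception", "screen_overlay"}
    risky = "accessibility_service" in caps and bool(paired)
    return ("review" if risky else "ok"), sorted(caps)

if __name__ == "__main__":
    for name, xml in (("streaming", STREAMING_APP), ("reader", SCREEN_READER)):
        print(name, triage(xml))
```

Legitimate apps also request these permissions, so a "review" result is a prompt for closer inspection of the app, not a malware verdict.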
Pre-Installed Malware: A Supply Chain Threat
One of the most concerning discoveries in recent reports is the presence of malware pre-installed in device firmware.
Examples include backdoors like Triada, which can be embedded into smartphones during manufacturing. These threats can:
- Download additional malicious modules
- Replace URLs in browsers
- Steal login credentials from messaging and social media apps
- Persist even after factory resets
Because these infections occur before the device reaches the user, traditional security controls often fail to detect them early.
This highlights a critical issue in the mobile supply chain, especially in low-cost Android devices.
Emerging Mobile Threat Campaigns
The 2025 threat landscape also revealed several new attack techniques and campaigns.
1. Image-Stealing Spyware
Malicious apps have been discovered stealing images from users’ galleries. Attackers often search for cryptocurrency wallet recovery phrases or sensitive documents stored as screenshots.
2. Malicious VPN Applications
Some fake VPN apps intercept one-time password (OTP) codes sent via SMS or messaging apps and forward them to attackers.
3. Ad Fraud and Clicker Malware
Certain malware families open hidden web pages and automatically click advertisements, generating fraudulent revenue for attackers.
4. DDoS-Enabled Apps
Some malicious apps—particularly those disguised as adult content viewers—contain functionality that turns infected phones into distributed denial-of-service (DDoS) bots.
App Stores Are Not Completely Safe
Although official marketplaces like Google Play implement security screening, attackers still manage to bypass these protections.
Research has identified hundreds of malicious apps hosted on official stores, sometimes accumulating tens of millions of downloads before removal.
Attackers use several techniques to evade detection:
- Obfuscating malicious code
- Delayed payload downloads
- Dynamic command-and-control servers
- Abuse of legitimate SDKs
This means that installing apps from official stores does not guarantee safety.
Regional Trends in Mobile Attacks
Mobile threats are not distributed evenly across the globe.
Regions with high smartphone adoption and large Android user bases often experience higher volumes of malware campaigns. Reports also indicate that developing markets with budget Android devices are particularly vulnerable due to:
- Infrequent security updates
- Firmware tampering
- Weak app vetting processes
As mobile payments and digital services expand, these regions become increasingly attractive targets for cybercriminals.
How Users and Organizations Can Mitigate Mobile Threats
To reduce mobile security risks, both individuals and organizations should adopt stronger security practices.
For Individual Users
- Install apps only from trusted sources
- Avoid sideloading APK files
- Review app permissions carefully
- Enable Google Play Protect or equivalent security tools
- Keep operating systems and apps updated
For Enterprises
- Implement Mobile Device Management (MDM)
- Deploy Mobile Threat Defense (MTD) solutions
- Enforce zero-trust access policies
- Monitor mobile network traffic for anomalies
Security awareness training is also essential because many mobile attacks rely on social engineering rather than technical vulnerabilities.
Conclusion
The 2025 mobile threat landscape demonstrates that smartphones remain a prime target for cybercriminals. Banking Trojans, spyware campaigns, malicious applications, and supply-chain compromises continue to evolve, making mobile security a critical priority.
While mobile platforms offer convenience and connectivity, they also represent a growing attack surface. Protecting users requires a combination of secure development practices, stronger supply chain security, improved app store vetting, and increased user awareness.
As attackers continue to innovate, mobile security must evolve just as quickly.
