
Android Malware on Google Play Reaches 42 Million Downloads


Summary:

A recent report from cloud security firm Zscaler has revealed a concerning surge in mobile malware activity, with hundreds of malicious Android applications discovered on the Google Play Store. These applications have been downloaded more than 40 million times between June 2024 and May 2025. The report highlights a 67% year-over-year increase in malware targeting mobile devices, pointing towards a growing threat landscape. Spyware and banking trojans are identified as prevalent risks within this ecosystem.

The data indicates a significant shift in attack strategies, with cybercriminals increasingly relying on social engineering tactics such as phishing, smishing, SIM swapping, and various payment scams. This transition is largely attributed to the enhanced security measures implemented in traditional card fraud prevention, such as chip-and-PIN technology, coupled with the widespread adoption of mobile payment systems. Cybercriminals are now deploying phishing trojans and malicious apps specifically designed to steal financial information and login credentials from unsuspecting users.

Banking malware has witnessed substantial growth over the past three years, reaching a staggering 4.89 million transactions in 2025. However, the growth rate has slowed down, registering only a 3% increase during the observed period, a significant drop from the 29% growth rate recorded the previous year. In contrast to last year, when Zscaler identified approximately 200 malicious apps on Google Play, the company now reports finding 239 malicious applications in the official Android store, which collectively garnered over 42 million downloads.

Another noteworthy trend is the rise of adware, which has emerged as the dominant threat within the Android ecosystem. Adware now accounts for approximately 69% of all detections, nearly doubling its prevalence compared to the previous year. The Joker info-stealer, which led the rankings last year with 38%, has now dropped to second place with 23%. Furthermore, spyware has experienced a remarkable surge, with a 220% year-over-year increase. The SpyNote, SpyLoan, and BadBazaar families, which are primarily used for surveillance, extortion, and identity theft, are identified as the primary drivers of this growth.

Geographically, India, the United States, and Canada have been the most impacted, accounting for 55% of all attacks. Zscaler also observed substantial spikes in attacks targeting Italy and Israel, with year-over-year increases ranging from 800% to 4000%.

The report specifically highlights three malware families that have had a significant impact on Android users. Anatsa, a banking trojan that periodically infiltrates Google Play through productivity and utility apps, has garnered hundreds of thousands of downloads each time. Since its discovery in 2020, Anatsa has continuously evolved, and the latest variant can steal data from over 831 financial organizations and cryptocurrency platforms, and has expanded to new regions, including Germany and South Korea.

Android Void (Vo1d), a backdoor malware targeting Android TV boxes, has infected at least 1.6 million devices running outdated Android Open Source Project (AOSP) versions, primarily in India and Brazil.

Xnotice, a new Android remote access trojan (RAT), specifically targets job seekers in the oil and gas industry, particularly in Iran and Arabic-speaking regions. Xnotice spreads through apps masquerading as job application or exam registration tools, distributed through fake employment portals. The malware targets banking credentials through overlays, as well as multi-factor authentication (MFA) codes and SMS messages, and can also capture screenshots.

To defend against Android malware threats, including those originating from Google Play, users are advised to implement security updates, only trust reputable publishers, reject or disable Accessibility permissions, avoid downloading non-essential apps, and regularly run Play Protect scans.

Zscaler’s report also includes trends related to IoT devices, where routers remain the most targeted. Hackers are exploiting command injection vulnerabilities to add routers to botnets or convert them into proxies for malware delivery. The majority of IoT attacks occur in the United States, followed by Hong Kong, Germany, India, and China as emerging hotbeds, indicating that attackers are targeting devices across a wider geographic area.

The cybersecurity company recommends that organizations implement zero-trust technology for critical networks and harden IoT and cellular gateways by monitoring for anomalies and adding protections at the firmware level. Additionally, defenses for mobile endpoints should include monitoring SIM-level traffic for irregularities, protection against phishing attacks, and strict application control policies.
