Android under fire: Mobile attacks soar in early 2025

In Q1 2025, Android malware samples rose to 180,000—up 27% from Q4 2024—while threats were blocked on over 12 million devices, a 36% jump, continuing a steady rise in targeted attacks since Q3 2024

Kaspersky’s latest report, “IT Threat Evolution in Q1 2025: Mobile Statistics,” reveals a sharp rise in cyberattacks targeting Android smartphones. In Q1 2025, detected malware samples surged to 180,000—marking a 27% increase from Q4 2024. During the same period, threats were blocked on the devices of over 12 million users, a 36% jump from the previous quarter. This upward trend in targeted attacks has been steadily climbing since Q3 2024.

Trojans and preloaded malware drive attack surge

The growth was due to several factors. The Mamont banking Trojan was active over the last months, disguising itself as legitimate software to steal banking credentials, text messages and personal data. Other fake money scam apps were also active. Another mobile threat activity prevalent over the recent months was the Triada backdoor, discovered on fake popular brand smartphones. This malware was likely installed by the attackers at some point after the smartphones left the factory and before they reached the marketplace. Triada can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps.

Regional specifics

A new banker that attacks users in Turkiye was discovered at the beginning of the year. It mimics an app for viewing movies and TV series for free. The Trojan uses DeviceAdmin permissions to gain a foothold in the system, obtains access to accessibility features, and then helps its operators to control the device remotely and steal text messages.

Turkiye also experienced a prevalence of other banking Trojans: Coper, equipped with RAT capabilities enabling attackers to steal money through remote device management; BrowBot, which pilfers text messages; and the banking Trojan droppers Hqwar and Agent.sm.

In India, users encountered RewardSteal banking Trojans which stole bank details by pretending to offer money. The UdangaSteal Trojan, previously prevalent in Indonesia, and the SmForw.ko Trojan, which forwards incoming text messages to another number, also spread to India.

“Users may mistakenly believe their smartphones are inherently more secure than PCs, but the reality is that mobile malware, like the sophisticated Trojans we explored over the last months, are increasingly active. With the majority of financial transactions now occurring through mobile banking apps, where users manage all of their funds, smartphones are prime targets for cybercriminals. The misconception of default protection stems from allegedly curated app stores and operating system restrictions, but social engineering tactics and modern mobile malware, including preinstalled mobile Trojans, exploit these false securities. Robust mobile protection solutions, coupled with enhanced user digital literacy, are essential to safeguard against these escalating risks,” comments Anton Kivva, Malware Analyst Team Lead at Kaspersky.

To protect yourself from mobile threats, Kaspersky recommends:

·       Download apps only from official app stores for smartphones, such as Apple App Store and Google Play, but remember that even downloading apps from official stores is not always risk-free. Kaspersky recently discovered SparkCat, the first screenshot-stealing malware to bypass the App Store's security. The malware was also found on Google Play, with a total of 20 infected apps across both platforms, proving that these stores are not 100% foolproof.

·       To stay safe, always check app reviews, use only links from official websites, and install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.

·       Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.

·       Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.