Mobile malware attacks surged in the first half of 2025, driven largely by a sharp increase in banking trojans, according to new data from cybersecurity firm Kaspersky.
The company’s Threat Research team reported that the number of mobile banking trojans detected between January and June was almost four times higher than the same period a year earlier, and more than twice the figure recorded in the second half of 2024.
Banking trojans are malicious applications designed to steal financial credentials, intercept text-based login codes and siphon funds from victims’ accounts.
Overall, attacks on Android smartphone users rose 29 percent compared with the first half of 2024 and 48 percent compared with the second half, underscoring what analysts describe as a rapidly escalating threat landscape.
Kaspersky said new families of malware, including SparkCat, SparkKitty and the long-standing Triada trojan, were among the most prominent in 2025.
Threat actors also deployed fake job search apps, fraudulent reward programs and disguised VPN clients to trick users across different regions.
Read also: Windows draws 7× more malware than macOS, data shows
In Turkiye, Kaspersky detected Coper trojan activity. Coper is designed to steal sensitive financial and personal information, often disguised as legitimate apps like banking or utility software.
In India, a trojan dropper was detected designed to deliver financial or data-stealing malware, often disguised as legitimate reward or loyalty apps. Fake job search apps Fakeapp.hy and Piom.bkzj targeted Uzbekistan, collecting users’ personal data.
In Brazil, new trojan droppers called Pylcasa were active. They infiltrate Google Play, masquerading as simple apps like calculators, but upon launch, they open URLs provided by attackers. Such URLs may lead users to illegal casino sites or phishing pages.
“The first half of 2025 saw a surge in Android malware attacks compared to 2024. There are different attack vectors, and sideloading apps from outside app stores is one of them. Google’s recent initiative to verify developers even for sideloaded apps is an attempt to counter malware spread via APK files outside official app stores.
“However, this step is not a silver bullet. Malware continues to infiltrate even the Google Play Store, where developer verification has long been in effect. Malware infiltrates Apple’s AppStore as well. Attackers will likely find ways to bypass verification, underscoring the need for users to combine robust security solutions, cautious app sourcing and regular OS updates to stay ahead of evolving threats,” says Anton Kivva, malware analyst team lead at Kaspersky.
To be protected from mobile threats, Kaspersky recommends; “Download apps only from official app stores for smartphones, such as Apple App Store and Google Play, but remember that even downloading apps from official stores is not always risk-free; To stay safe, always check app reviews, use only links from official websites, and install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.
“Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services; Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.”
