Mobile Threat Report 2025 Highlights Surge in Banking Trojans and Spyware
In 2025, Kaspersky highlighted a dramatic increase in cyber threats targeting mobile devices, primarily manifested in banking Trojans and spyware. The report noted over 14 million malware-related attacks blocked, with adware remaining the leading mobile threat.
The data reveals that malware, adware, and unwanted software attacks averaged approximately 1.17 million per month. Specifically, adware accounted for 62% of total detections, while there was a significant rise in the discovery of banking Trojans, with 255,090 new installation packages identified throughout the year. Notable malware includes the Keenadu backdoor, embedded in device firmware, and the LunaSpy Trojan, masquerading as antivirus software to exfiltrate sensitive data. These threats indicate a shift in targeting tactics, with attackers increasingly focusing on robust malware solutions that exploit existing vulnerabilities without user intervention.
While the overall number of malicious installation packages showed a decrease, the rise in Trojan-Banker and Trojan-Spy applications signified an evolving landscape. For instance, the Mamont banking Trojan variants surfaced prominently as they accounted for nearly half of all new malicious apps in their category, highlighting their effectiveness and appeal to cybercriminals.
Defensive Context
Organizations with mobile device management frameworks or those that rely on mobile banking applications should prioritize these findings. Users, particularly in regions like Russia, Türkiye, and India, may be at heightened risk due to the localized targeting of specific malware types. Conversely, industries less dependent on mobile solutions might not face immediate threats.
Why This Matters
As mobile banking continues to grow, so do the risks associated with compromised devices. Businesses with mobile infrastructures, particularly banks and financial service providers, should be vigilant against the growing sophistication and prevalence of mobile banking Trojans. The data suggests that attackers are not only increasing in number but are also refining their methods to extract sensitive information efficiently.
Indicators of Compromise (IOCs)
Concrete IOCs were not specified within the article, but organizations should be aware of the most common malware types highlighted, such as the following:
– Trojan.AndroidOS.Mamont
– Trojan.AndroidOS.Triada
– Trojan-Banker.AndroidOS.Coper
Understanding these indicators can aid in establishing detection baselines and threat modeling strategies suitable for environments at risk from mobile threats.
