According to Kaspersky’s report IT threat evolution in Q1 2025: Mobile statistics, attacks on Android smartphones in Q1 2025 increased, with the number of detected malware samples reaching 180,000 (up 27% from Q4 2024). Threats were blocked on devices of over 12 million smartphone users (up 36% from Q4 2024). The upward trend in attacked users has continued since Q3 2024.
The growth was due to several factors. The Mamont banking Trojan was active over the last months, disguising itself as legitimate software to steal banking credentials, text messages and personal data. Other fake money scam apps were also active. Another mobile threat activity prevalent over the recent months was the Triada backdoor, discovered on fake popular brand smartphones. This malware was likely installed by the attackers at some point after the smartphones left the factory and before they reached the marketplace. Triada can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps.
Regional specifics
A new banker that attacks users in Turkiye was discovered at the beginning of the year. It mimics an app for viewing movies and TV series for free. The Trojan uses DeviceAdmin permissions to gain a foothold in the system, obtains access to accessibility features, and then helps its operators to control the device remotely and steal text messages.
Turkiye also experienced a prevalence of other banking Trojans: Coper, equipped with RAT capabilities enabling attackers to steal money through remote device management; BrowBot, which pilfers text messages; and the banking Trojan droppers Hqwar and Agent.sm.
In India, users encountered RewardSteal banking Trojans which stole bank details by pretending to offer money. The UdangaSteal Trojan, previously prevalent in Indonesia, and the SmForw.ko Trojan, which forwards incoming text messages to another number, also spread to India.
“Users may mistakenly believe their smartphones are inherently more secure than PCs, but the reality is that mobile malware, like the sophisticated Trojans we explored over the last months, are increasingly active. With the majority of financial transactions now occurring through mobile banking apps, where users manage all of their funds, smartphones are prime targets for cybercriminals. The misconception of default protection stems from allegedly curated app stores and operating system restrictions, but social engineering tactics and modern mobile malware, including preinstalled mobile Trojans, exploit these false securities. Robust mobile protection solutions, coupled with enhanced user digital literacy, are essential to safeguard against these escalating risks,” comments Anton Kivva, Malware Analyst Team Lead at Kaspersky.
To protect yourself from mobile threats, Kaspersky recommends:
Download apps only from official app stores for smartphones, such as Apple App Store and Google Play, but remember that even downloading apps from official stores is not always risk-free. Kaspersky recently discovered SparkCat, the first screenshot-stealing malware to bypass the App Store's security. The malware was also found on Google Play, with a total of 20 infected apps across both platforms, proving that these stores are not 100% foolproof.
To stay safe, always check app reviews, use only links from official websites, and install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.
Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.
Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.
𝐒𝐭𝐚𝐲 𝐢𝐧𝐟𝐨𝐫𝐦𝐞𝐝 𝐰𝐢𝐭𝐡 𝐨𝐮𝐫 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 𝐛𝐲 𝐣𝐨𝐢𝐧𝐢𝐧𝐠 𝐭𝐡𝐞 WhatsApp Channel now! 👈📲
𝑭𝒐𝒍𝒍𝒐𝒘 𝑶𝒖𝒓 𝑺𝒐𝒄𝒊𝒂𝒍 𝑴𝒆𝒅𝒊𝒂 𝑷𝒂𝒈𝒆𝐬 👉 Facebook, LinkedIn, Twitter, Instagram
