- Android malware downloads reached alarming levels, with millions exposed through trusted apps
- Attackers aggressively shifted towards mobile payments using social engineering
- Attacks on the energy sector increased dramatically, but IoT and routers are also affected
A rise in mobile and IoT security incidents exposes persistent weaknesses in systems that billions rely on for work, payments and communication, new research has claimed.
Zscaler identified 239 malicious Android apps on Google Play, which had been downloaded a total of 42 million times.
These apps are often presented as routine productivity or workflow tools trusted by hybrid workers. The findings also show a move away from card-focused fraud towards mobile payment abuse through phishing, smishing, SIM swapping and related social engineering channels.
Increasing mobile compromise
Zscaler reports a 67% year-over-year increase in Android malware transactions, driven by spyware, banking Trojans and increasingly dominant adware campaigns.
Adware now represents 69% of all detections, while the “Joker” family has dropped to 23%, indicating a shift in how attackers seek to monetize mobile access.
High-value industries remain key targets, with the energy sector recording a 387% increase in attack attempts compared to last year.
Manufacturing and transportation continue to face a high volume of IoT threats, accounting for more than 40% of observed malware activity in that category.
IoT attacks continue to be dominated by Mirai, Mozi and Gafgyt, which together account for around 75% of malicious payloads.
This trend is reflected in the continued targeting of routers, which also represent 75% of all IoT attacks and remain the primary devices compromised for botnet building and proxy activity.
Mobile attack activity continues to cluster in a small group of countries.
India remains the top target for mobile malware, receiving 26% of observed attacks, followed by the US at 15% and Canada at 14%.
In IoT environments, the US remains the most targeted country, receiving 54.1% of all malicious traffic.
Malware such as the “Android Void” backdoor has infected at least 1.6 million Android TV boxes, primarily in India and Brazil.
This shows the impact of outdated firmware and widespread use of cheap devices.
Zscaler also points to ongoing adaptations in families like “Anatsa” and “Xnotice,” which continue to refine techniques for financial theft and regional targeting.
“Attackers are pivoting to areas of maximum impact… A zero-trust everywhere approach, combined with AI-powered threat detection, is imperative to reducing the attack surface, limiting lateral movement, and giving organizations the defense they need against ever-evolving attacks,” said Deepen Desai, EVP and Chief Security Officer at Zscaler.
How to stay safe
- Keep your device up to date and install new security patches immediately.
- Use a reliable antivirus app from a reputable publisher.
- Enable ransomware protection features when available on your device.
- Run periodic malware removal scans to check for hidden or dormant threats.
- Avoid installing unnecessary apps, even if they appear in familiar categories.
- Review app permissions carefully and deny access that isn’t essential.
- Keep Google Play Protect enabled and run manual scans regularly.
- Avoid downloading apps from links in messages, job portals or social media.