ISLAMABAD — Cybersecurity company Kaspersky reported a sharp rise in mobile banking cyberattacks in 2025, with Trojan banker malware targeting Android smartphones increasing by 56% compared with the previous year.
According to the company’s latest study, Mobile malware evolution, the attacks primarily targeted users of online banking, e-payment platforms and credit card services. The malware is typically distributed through messaging applications and malicious websites designed to steal login credentials and financial data.
Surge in malicious Android packages
The report found a significant increase in new Trojan banker installation packages for Android. In 2025, researchers detected 255,090 unique malicious APK files, representing a 271% rise from 2024.
Security analysts say the surge suggests that banking malware continues to generate substantial profits for cybercriminal networks. Kaspersky researchers noted that attackers are expanding distribution channels and developing new variants designed to evade security detection.
Among the most active malware families identified in the study were Mamont and Creduz.
Growing concern over preinstalled backdoors
In addition to banking trojans, the report highlighted a rise in preinstalled backdoor malware embedded in some Android devices. According to Kaspersky, backdoors such as Triada and Keenadu have appeared more frequently than in previous years.
Anton Kivva, malware analyst team lead at Kaspersky, said compromised firmware can give attackers extensive control over infected devices.
“People may buy a new Android device that is already infected without realizing the threat,” Kivva said. “Once integrated into the firmware, these backdoors can allow attackers to access nearly all information stored on smartphones or tablets.”
Because such malware is embedded in the device’s firmware, it can be difficult to remove. Kaspersky recommends checking for firmware updates and scanning devices again with a security solution after installing updates.
Security advice for smartphone users
To reduce the risk of infection, Kaspersky advises users to download mobile applications only from trusted sources such as official app stores and developer websites. However, the company notes that malicious apps can occasionally bypass store security checks.
Users are also advised to review app permissions carefully, particularly high-risk permissions such as accessibility services, and to keep operating systems and applications updated.
Installing reliable mobile security software can help detect and block suspicious activity if an application is found to be malicious.
More details about global mobile malware trends are available in Kaspersky’s Securelist research reports.
Today's E-Paper