A new report from Kaspersky highlights a significant rise in mobile cyber threats, revealing that Trojan banker attacks targeting Android smartphones increased by 56% in 2025 compared to the previous year.
According to the report titled “Mobile malware evolution,” Trojan banker malware is designed to steal sensitive user data, including credentials for online banking platforms, e-payment services, and credit card systems. These malicious programs typically infiltrate devices through messaging applications and compromised web pages.
Sharp increase in malicious installation packages
The report also showed a substantial rise in the number of new Trojan banker installation packages for Android devices. In 2025, the total number of unique APK files linked to this malware reached 255,090 packages.
This figure represents a 271% increase compared to 2024, suggesting that cybercriminals continue to invest heavily in developing and distributing such threats due to their profitability.
Security researchers believe attackers will continue expanding delivery methods and creating new malware variants designed to evade detection by cybersecurity solutions.
Among the most prevalent Trojan banker families identified were Mamont and Creduz, both of which played a significant role in the spread of financial malware targeting Android users.
Rise of preinstalled backdoors in new devices
In addition to the growing threat from Trojan bankers, cybersecurity experts identified another concerning trend: the increasing presence of preinstalled backdoors on new Android devices.
According to Anton Kivva, malware analyst team lead at Kaspersky, backdoors such as Triada and Keenadu have been detected more frequently in recent years.
These backdoors can be embedded directly within a device’s firmware, meaning users may unknowingly purchase brand-new smartphones that are already compromised.
Once installed at the firmware level, such backdoors provide attackers with extensive control over infected devices, potentially allowing them to access personal information, monitor activity, and manipulate system functions.
Removing this type of malware is particularly challenging because it is deeply integrated into the device’s operating system.
Recommendations to protect mobile devices
To reduce the risk of mobile malware attacks, Kaspersky experts recommend several security practices for smartphone users:
-
Download applications only from trusted sources such as the Apple App Store and Google Play.
-
Install reliable cybersecurity software capable of detecting and blocking malicious activity.
-
Carefully review app permissions before granting access, especially high-risk permissions such as Accessibility Services.
-
Regularly update the device’s operating system and installed applications to ensure the latest security patches are applied.
Growing mobile threat landscape
The findings underscore the evolving nature of mobile cybersecurity threats as smartphones become central to financial transactions and digital services.
With cybercriminals increasingly targeting mobile banking systems, experts emphasize the importance of maintaining strong security practices and using advanced protection tools to safeguard sensitive data.
The report indicates that as the mobile threat landscape continues to expand, cybersecurity awareness and proactive protection will remain critical for both individual users and organizations relying on mobile technologies.