- Malware downloads on Android have reached alarming levels, with millions exposed via trusted apps.
- Attackers aggressively pivoted to mobile payments using social engineering.
- Attacks in the energy sector have increased significantly, but IoT and routers are also affected.
A rise in mobile and IoT security incidents reveals persistent weaknesses in the systems that billions of people depend on to work, pay and communicate, according to a new study.
Zscaler identified 239 malicious Android apps on Google Play, which have collectively been downloaded 42 million times.
These apps are often presented as productivity or routine workflow tools that hybrid workers trust. The findings also show a shift away from card-focused fraud towards mobile payment abuse through phishing, smishing, SIM swapping and related social engineering channels.
Growing mobile compromise
Zscaler reports a 67% year-over-year increase in Android malware transactions, driven by increasingly dominant spyware, banking Trojans and adware campaigns.
Adware now accounts for 69% of all detections, while the “Joker” family has dropped to 23%, indicating a shift in how attackers seek to monetize mobile access.
High-value industries remain central targets, with the energy sector seeing a 387% increase in attack attempts compared to last year.
Manufacturing and transportation continue to face a large number of IoT threats, accounting for more than 40% of the malware activity seen in this category.
IoT attacks remain dominated by Mirai, Mozi and Gafgyt, which together account for approximately 75% of malicious payloads.
This trend is reflected in the continued targeting of routers, which also account for 75% of all IoT attacks and remain the leading compromised devices for botnet creation and proxy activity.
Mobile attacks continue to be concentrated in a small group of countries.
India remains the top target for mobile malware, receiving 26% of observed attacks, followed by the United States with 15% and Canada with 14%.
In IoT environments, the United States remains the most targeted country, receiving 54.1% of all malicious traffic.
Malware such as the “Android Void” backdoor has infected at least 1.6 million Android TV boxes, mainly in India and Brazil.
This shows the impact of outdated firmware and widespread adoption of low-cost devices.
Zscaler also highlights ongoing adaptations in families like “Anatsa” and “Xnotice,” which continue to refine techniques for financial theft and regional targeting.
“Attackers are focusing on areas of maximum impact… A Zero Trust approach everywhere, combined with AI-driven threat detection, is imperative to reduce the attack surface, limit lateral movement, and provide organizations with the defense they need against ever-evolving attacks,” said Deepen Desai, executive vice president and chief security officer at Zscaler.
How to stay safe
- Keep your device up to date and install new security patches quickly.
- Use a trustworthy antivirus application from a reputable vendor.
- Enable ransomware protection features when available on your device.
- Run periodic malware removal scans to look for hidden or dormant threats.
- Avoid installing unnecessary apps, even if they appear in familiar categories.
- Carefully review app permissions and deny non-essential access.
- Keep Google Play Protect enabled and run manual scans regularly.
- Avoid downloading apps from links in posts, job portals or social networks.




