ADVERTISEMENT

The rising threat of mobile malware: How to protect your device in 2025

The number of mobile users is increasing every year – and so do the instances of mobile malware.

Malware on the phone

By Cybernews

Nihad A. Hassan
Nihad A. Hassan Contributor
Jul 6, 2025 Updated: 3 July 2025 5 min read
  • An estimated 7.2 billion smartphone users in 2025
  • In the US, 94% of young adults aged 18 to 29 own a smartphone
Jurgita Lapienyte Ernestas Naprys Niamh Ancell vilius
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.

What is mobile malware?

  • Viruses – These are malicious programs that attach their code to legitimate mobile applications and attempt to spread to other devices using various methods.
  • Trojan horse – This is the most common type of mobile malware. Trojans masquerade as legitimate applications to conceal their malicious intent. For example, the Mamont banking Trojan masquerades as a Google Chrome installer package to trick users into downloading and installing it.
  • Spyware – This malware tracks and monitors user activities on the mobile device and sends them back to its operator. For mobile device users, spyware poses special risks, as it can record and steal social media account credentials, in addition to online banking and cryptocurrency wallet passwords.
  • Adware – A type of malware that displays unwanted –or aggressive– advertisements to users. Clicking on these ads will drive the user to phishing websites. For instance, CamScanner, a legitimate application, has a malicious version that displays intrusive ads.
  • Ransomware A critical type of mobile malware that encrypts mobile phone data and requests a ransom to handle the decryption key. SimpleLocker is an example of ransomware that targets Android devices. It can encrypt target device images, videos, and documents in addition to extracting various information from the device and displaying a lock screen that the user cannot remove until they pay a ransom.

Mobile malware distribution mechanisms

ADVERTISEMENT

Malicious application

Social engineering attacks

  • Trust in SMS: Many internet users are still unaware of smishing, a form of phishing that uses SMS messages. They trust clicking links included in SMS messages more than those included in emails, which makes them more vulnerable to phishing attacks via SMS.
  • Mobile phone screen size: The screen size of the largest mobile device is still smaller than a computer screen. This prevents users from viewing the actual destination of URLs (for example, by hovering over the link to reveal the actual URL).
  • Mobile device speed: Smartphones have a faster speed compared to computers. When someone checks their Gmail email using a mobile phone application, it will load faster than the web version. The convenience of speed and easy access to content via mobile apps make them the preferred choice for users to check their online accounts or socialize.

Supply chain attacks

How to defend against mobile malware?

  • Install applications from trusted sources only – Users should not download and install mobile apps from unknown sources. For Android users, use the Google Play Store; for Apple users, download the application from the official App Store.
  • Check app permissions – Always carefully read the permissions requested by the application before installing it on your mobile phone. For example, an English learning application should not have access to your contact list or SMS app.
  • Ensure your mobile device is current – Users should keep their mobile operating system and all installed applications up to date. Updates should be installed using the device's official functions. Avoid installing files from unknown internet sources that claim to update your mobile phone's OS and apps.
  • Be careful of phishing attacks – Do not click links included in SMS messages sent from unknown users. When you receive an SMS from a known organization, such as your bank or a social media website, and they request that you click a link, do not do so on your mobile phone. Instead, open your computer's web browser and continue the steps from there.
ADVERTISEMENT