The rising threat of mobile malware: How to protect your device in 2025


The number of mobile users is increasing every year – and so is the number of mobile malware incidents. But how can you protect your device today, when cybercriminals are becoming far more sophisticated in their tactics?

Significant advancements in mobile networks and internet communication technologies have led to the number of smartphone users worldwide rising exponentially.

Now that the majority of the global population owns a smartphone with internet access, the number of smartphone users is estimated to be extremely large, with billions more users anticipated by the end of the decade.

  • An estimated 7.2 billion smartphone users in 2025
  • In the US, 94% of young adults aged 18 to 29 own a smartphone

Universal access to mobile phone services is indicative of increased access to internet services. More individuals are using their smartphones to socialize and conduct business, purchasing items online or using online banking services. For cybercriminals, this level of openness presents an open invitation to exploit smartphone devices for their malicious purposes.

Kaspersky Security Network notes that the number and complexity of mobile-based cyberattacks are increasing at an unprecedented rate. For example, since the beginning of 2025, 12 million attacks involving malware, adware, or unwanted apps have been blocked on mobile devices. Trojans, which are intended to steal sensitive user data such as access credentials and online banking information, accounted for 39.56% of the total detected threats.

What is mobile malware?

Mobile malware is a type of malicious software used to target mobile devices by exploiting their security vulnerabilities to steal data or corrupt system files. It can take different forms, such as:

  • Viruses – These are malicious programs that attach their code to legitimate mobile applications and attempt to spread to other devices using various methods.
  • Trojan horse – This is the most common type of mobile malware. Trojans masquerade as legitimate applications to conceal their malicious intent. For example, the Mamont banking Trojan masquerades as a Google Chrome installer package to trick users into downloading and installing it.
  • Spyware – This malware tracks and monitors user activities on the mobile device and sends them back to its operator. For mobile device users, spyware poses special risks, as it can record and steal social media account credentials, in addition to online banking and cryptocurrency wallet passwords.
  • Adware – A type of malware that displays unwanted or aggressive advertisements to users. Clicking on these ads will take the user to phishing websites. For instance, CamScanner, a legitimate application, has a malicious version that displays intrusive ads.
  • Ransomware – A critical type of mobile malware that encrypts mobile phone data and demands a ransom in exchange for the decryption key. SimpleLocker is an example of ransomware that targets Android devices. It can encrypt images, videos, and documents on the target device, extract various information from the device, and display a lock screen that the user cannot remove until they pay a ransom.

Mobile malware distribution mechanisms

Threat actors use different methods to distribute mobile malware; here are the most prominent ones:

Malicious application

These applications are developed to execute malicious actions like stealing account credentials or spying on your activity. They are designed to mimic legitimate applications in order to trick users into downloading and installing them. An example of this type of application could be an app that appears to be a popular game or web browser but contains malware designed to steal personal information.

Threat actors commonly use unofficial app stores, such as APKPure and Aptoide, to distribute such applications; however, in many instances, official stores, such as Google Play, are used.

A recent incident in which the official app marketplace was used to disseminate malware was identified earlier this year. Security researchers from Bitdefender uncovered a large ad fraud operation that had infiltrated the Google Play Store, featuring hundreds of malicious applications.

This campaign had an extensive reach, with total downloads for the affected applications exceeding 60 million. The malicious apps employed two modes of attack: the aggressive display of contextually incorrect advertisements, which generated fraudulent revenue, and sophisticated phishing operations, which attempted to convince unsuspecting users to disclose their sensitive data, including usernames, passwords, and financial information, such as credit card details.

Social engineering attacks

Most internet users tend to check their work and personal emails using their mobile phones when they are away from their PCs. It is worth noting that social engineering (SE) is considered more successful against mobile phone users than computer users for the following reasons:

  • Trust in SMS: Many internet users are still unaware of smishing, a form of phishing that uses SMS messages. They trust links included in SMS messages more than those included in emails, which makes them more vulnerable to phishing attacks via SMS.
  • Mobile phone screen size: The screen size of the largest mobile device is still smaller than a computer screen. This prevents users from viewing the actual destination of URLs (for example, by hovering over the link to reveal the actual URL).
  • Mobile device speed: Smartphones have a faster speed compared to computers. When someone checks their Gmail email using a mobile phone application, it will load faster than the web version. The convenience of speed and easy access to content via mobile apps make them the preferred choice for users to check their online accounts or socialize.

Supply chain attacks

There are inherent challenges with supply chain attacks on mobile devices that traditional security practices cannot handle effectively. For instance, when malware is introduced at the manufacturing level, a user will not benefit from installing protective software or taking security measures to prevent compromise. This leaves a security hole from the outset that traditional defenses do nothing to close.

Mitigating such attacks is only possible through cross-industry cooperation, as well as tighter security validation processes that cover the whole lifecycle of a mobile device, from manufacturing through the distribution channel to the final consumer.

For instance, many sources state that China is actively preinstalling malware on new mobile devices sold in the US to conduct surveillance and execute different cyberattacks against US targets. The US has confirmed many cases of preinstalled backdoors on laptops and mobile phones manufactured in China.

How to defend against mobile malware?

Mobile users should take steps to safeguard their mobile devices and data against mobile malware. Here are the most critical ones:

  • Install applications from trusted sources only – Users should not download and install mobile apps from unknown sources. For Android users, use the Google Play Store; for Apple users, download the application from the official App Store.
  • Check app permissions – Always carefully read the permissions requested by the application before installing it on your mobile phone. For example, an English learning application should not have access to your contact list or SMS app.
  • Ensure your mobile device is current – Users should keep their mobile operating system and all installed applications up to date. Updates should be installed using the device's official functions. Avoid installing files from unknown internet sources that claim to update your mobile phone's OS and apps.
  • Be careful of phishing attacks – Do not click links included in SMS messages sent from unknown users. When you receive an SMS from a known organization, such as your bank or a social media website, and they request that you click a link, do not do so on your mobile phone. Instead, open your computer's web browser and continue the steps from there.
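
The "Check app permissions" step above can be automated for Android packages. The following is an added example, not code from the original article: it parses `uses-permission` lines in the form printed by `aapt dump permissions` and flags sensitive permissions that fall outside a per-category baseline. The `EXPECTED` baseline, the category names, and the sample package are assumptions made for illustration.

```python
import re

# Real Android permission names mapped to what they expose.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS inbox",
    "android.permission.RECEIVE_SMS": "incoming SMS, including one-time codes",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.SYSTEM_ALERT_WINDOW": "drawing over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installing other apps",
}

# Assumption: a hypothetical baseline of sensitive permissions each app
# category plausibly needs. Adjust it to your own policy.
EXPECTED = {
    "language-learning": {"android.permission.RECORD_AUDIO"},
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Accepts both "name='x'" and the older bare "x" form, plus -sdk-23 variants.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)", re.M)
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)", re.M)

def parse_dump(dump):
    """Return (package name or None, set of requested permissions)."""
    pkg = PKG_RE.search(dump)
    return (pkg.group(1) if pkg else None, set(PERM_RE.findall(dump)))

def audit(dump, category):
    """List sensitive permissions the app requests beyond its category baseline."""
    _, requested = parse_dump(dump)
    allowed = EXPECTED.get(category, set())  # unknown category: nothing allowed
    return sorted((p, SENSITIVE[p]) for p in requested
                  if p in SENSITIVE and p not in allowed)

# Constructed sample input, not taken from a real app.
SAMPLE_DUMP = """package: com.example.englishtutor
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission-sdk-23: name='android.permission.ACCESS_FINE_LOCATION'
"""

if __name__ == "__main__":
    package, _ = parse_dump(SAMPLE_DUMP)
    for perm, what in audit(SAMPLE_DUMP, "language-learning"):
        print(f"{package}: unexpected access to {what} ({perm})")
```

For the constructed language-learning app, the microphone request passes the baseline, while the contact list, SMS inbox, and precise location requests are reported for review.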