Victims are getting more mobile

Kaspersky Lab has released a report on mobile threats for 2025. Key trends:

🗡 In 2025, Kaspersky's security solutions detected over 14 million attacks on mobile devices. Smartphones have finally stopped being a secondary target and are now a primary attack vector alongside PCs.

👾 The structure of mobile threats has changed significantly: the share of banking Trojans grew from ~6% to 31%, while adware and RiskTool category declined. This shift shows attackers' growing focus on direct monetization tools — mobile banking apps, crypto wallets, and payment services.

🤖 Android remains the main attack platform: 18 of the top 20 most common malware types target this OS. This trend is driven by Android's massive user base and the ability to install third-party APKs, which are often used in phishing attacks.

🎣 A significant share of attacks spread through social engineering: malicious APKs, fake apps, links, and messages via messengers. It's easier to trick a user than to exploit a vulnerability — and attackers actively use this as a simpler, more scalable way to infect devices.

Most notable malware examples:

🚪 Keenadu — a preinstalled backdoor with extensive functionality, integrated into device firmware and capable of remote updates.

🤖 Kimwolf — a botnet targeting Android TV boxes: infected devices are used for DDoS attacks and as proxy nodes.

🐴 LunaSpy — a Trojan disguised as an antivirus that steals user data and can perform audio and video surveillance.

2025 has cemented the trend of growing interest in mobile devices as full-scale attack targets. Mobile attacks largely focus on individual users rather than corporate infrastructure, relying heavily on phishing and fake apps. Regular users find it harder to defend against such threats since they lack corporate-level filtering and protection mechanisms. At the same time, attack strategies are evolving — adversaries are betting on scale and repeatability. The declining diversity of malware indicates that attacks are increasingly based on standardized scenarios. Supply chain risks are also rising: the growing number of preinstalled backdoors means a device can be compromised before it even reaches the user.

💬 Discuss