ISLAMABAD — Cybersecurity firm Kaspersky has reported a significant increase in cyberattacks targeting mobile banking users, with Trojan banker malware attacks on Android smartphones rising by 56% in 2025 compared with the previous year.
The findings were published in the company’s latest research report, Mobile malware evolution, which examines global trends in malicious software targeting smartphones. According to the report, the malware is designed to steal login credentials used for online banking platforms, digital payment services and credit card systems.
Researchers said cybercriminals often spread Trojan banker malware through messaging applications and malicious websites that trick users into installing infected files.
Increase in malicious Android files
Kaspersky researchers also recorded a major surge in new Trojan banker installation packages. In 2025, the number of unique malicious Android application files (APK packages) reached 255,090, representing a 271% increase compared with 2024.
Security analysts say the sharp growth suggests that banking malware continues to be a profitable tool for cybercriminal groups. The report indicates that attackers are expanding their distribution methods and creating new variants designed to bypass security protections.
Among the most frequently detected malware families were Mamont and Creduz.
Preinstalled backdoors emerging as another threat
The study also identified an increase in preinstalled backdoor malware on some Android devices. According to Kaspersky, malware such as Triada and Keenadu has appeared more frequently in recent years.
Anton Kivva, malware analyst team lead at Kaspersky, said some users may unknowingly purchase new Android devices that already contain malicious software embedded in the system firmware.
Such backdoors can allow attackers to gain extensive access to devices, potentially compromising personal data stored on smartphones and tablets. Because this malware is integrated into the device firmware, removing it can be difficult.
Kaspersky recommends that users regularly check for firmware updates and scan their devices with reliable security software after installing updates to ensure the system is clean.
Steps to reduce mobile security risks
To minimize exposure to mobile threats, Kaspersky advises users to download applications only from trusted sources such as official developer websites and recognized app stores, including the Apple App Store and Google Play.
Users are also encouraged to review application permissions carefully, especially those requesting access to sensitive system features. Keeping operating systems and applications updated can also reduce security vulnerabilities.
According to the report, installing reputable mobile security software can help detect and block suspicious or fraudulent activity.
Further details about mobile malware trends and global threat patterns are available through Kaspersky’s Securelist research platform.
