In recent months, Android smartphone users have seen a significant rise in malware attacks, with a 48% increase reported in attacks during the first half of 2025 compared to the latter half of 2024. This surge has been highlighted by Kaspersky Lab, which has identified a variety of emerging mobile threats.
Rise of Malicious Applications
The first half of 2025 saw an influx of applications designed with sinister purposes. Among them are trojans incorporated within apps intended for adult content, which can invisibly launch Distributed Denial-of-Service (DDoS) attacks. These applications have been crafted to stealthily transmit specific data from compromised devices at predetermined intervals, further compromising device security.
An alarming development is the appearance of fake VPN applications that deceive users by masquerading as secure services. These apps exploit notification monitoring to intercept one-time password codes sent from online services, relaying this sensitive data through Telegram bots to attackers who can then hijack user accounts. This invasion of privacy underscores the critical need for vigilance in app sourcing.
Preinstalled and Banking Malware
Kaspersky's data also spotlights the resurgence of 'fakemoney' scam apps, and a disturbing trend in preinstalled malware such as Triada and Dwphon, discovered embedded in the firmware during the manufacturing process. These malicious programs enable persistent data theft and unauthorized activities and can survive even after a factory reset, making them particularly pernicious.
Banking trojans have also seen a dramatic rise, with the number detected in the first half of 2025 almost quadrupling over the same period in 2024, and more than doubling compared to the latter half of 2024. These trojans target financial data, aiming to capture user credentials and plunder accounts.
Guidance and Precautions
Anton Kivva, the team lead at Kaspersky, advises that sideloading apps continue to be a significant threat. Although efforts to improve developer verification and app store scrutiny are ongoing, these measures alone are not foolproof. Users are therefore encouraged to adopt comprehensive security practices.
Kaspersky's recommendations for minimizing risk involve downloading applications solely from official app stores, scrutinizing app reviews and publisher information, and updating operating systems and applications regularly. Users should also pay careful attention to app permissions, particularly those with high-risk capabilities like Accessibility Services, and install reliable security software to safeguard their devices.
The evolving nature of these threats underscores the importance of staying informed and proactive in defending against the ever-increasing sophistication of malware aimed at Android devices.
