- Android malware downloads reached alarming levels, with millions of people exposed through trusted apps
- Attackers aggressively moved into mobile payments using social engineering
- Attacks on the energy sector increased dramatically, but IoT and routers are also affected
A growing rise in mobile and IoT security incidents is exposing persistent weaknesses in the systems billions depend on for work, payments and communications, new research claims.
Zscaler identified 239 malicious Android apps on Google Play that together had been downloaded 42 million times.
These apps are often presented as routine productivity or workflow tools that hybrid workers rely on, and the findings also show a move away from card-centric fraud towards mobile payment abuse through phishing, smishing, SIM swapping and related social engineering channels.
Growing mobile engagement
Zscaler reports a 67% year-over-year increase in Android malware transactions, driven by spyware, banking Trojans, and increasingly pervasive adware campaigns.
Adware now accounts for 69% of all detections, while the “Joker” family has fallen to 23%, indicating a shift in the way attackers seek to monetize mobile access.
High-value industries remain central targets, with the energy sector seeing a 387% increase in attack attempts compared to last year.
Manufacturing and transportation continue to face a high volume of IoT threats, accounting for more than 40% of malware activity seen in that category.
IoT attacks continue to be dominated by Mirai, Mozi and Gafgyt, which together account for approximately 75% of malicious payloads.
This trend is reflected in the continued attack on routers, which also account for 75% of all IoT attacks and remain the primary compromised devices for botnet creation and proxy activity.
Mobile attack activity continues to be concentrated in a small group of countries.
India remains the top target for mobile malware, receiving 26% of observed attacks, followed by the United States at 15% and Canada at 14%.
In IoT environments, the United States remains the most attacked country, receiving 54.1% of all malicious traffic.
Malware like the “Android Void” backdoor has infected at least 1.6 million Android TV devices, mainly in India and Brazil.
This shows the impact of outdated firmware and the widespread adoption of low-cost devices.
Zscaler also points to ongoing adaptations in families like “Anatsa” and “Xnotice,” which continue to perfect techniques of financial theft and regional targeting.
“Attackers are targeting areas of maximum impact… A Zero Trust everywhere approach, combined with AI-powered threat detection, is imperative to reduce the attack surface, limit lateral movement, and give organizations the defense they need against constantly evolving attacks,” said Deepen Desai, executive vice president and chief security officer at Zscaler.
How to stay safe
- Keep your device up to date and install new security patches quickly.
- Use a reliable antivirus application from a reputable publisher.
- Enable ransomware protection features when available on your device.
- Run regular malware removal scans to detect hidden or dormant threats.
- Avoid installing unnecessary apps, even if they appear in familiar categories.
- Carefully review app permissions and deny non-essential access.
- Keep Google Play Protect enabled and run manual scans regularly.
- Avoid downloading applications from links in messages, job portals or social networks.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
