Android smartphones attacks have increased considerably in the first quarter of 2025, with attacks on more than 12 million smartphones, according to cyber security specialists.
Attacks on Android smartphones have grown considerably
The ascending tendency of attacked users started from T3 2024 and continues to accentuate, according to Kaspersky report
It threat evolution in Q1 2025: Mobile Statistics.
This increase is due to several factors. The Mamont Banking Trojan has been active in recent months, masking in the form of legitimate applications to steal bank data, text messages and personal information. Other false applications, involved in “Fake Money” scams, were also active. Another commonly encountered mobile threat was the triad, a backdoor identified on counterfeit smartphones, which imitates known brands. This malware would have been installed by attackers between the moment when the devices left the factory and the one in which they arrived on the market. The triad can change the addresses of cryptocurrency wallets during transfers, replace links from browsers, send arbitrary text messages and intercepted the answers, as well as steal authentication data from messaging applications or social networks.
Applications that are not what they seem
A new banking trojan targeting users in Turkey was discovered at the beginning of the year. It presents itself as an app for free watching and serial viewing. The Trojan gets the rights of the device (Deviceadmin), activates access to accessibility functions and allows attackers to take away remote control over the device to steal text messages.
In Turkey, other dangerous banking Trojans were also encountered: Coper, with RAT (Remote Access Trojan), which allows theft by remote control of the device; Browbot, which intercepts text messages; and hqwar and agent bank drops.
In India, users faced the rewardsteal banking trojan, who steals banking data under the pretext of granting money rewards. Also here were detected Udangasteal, previously active in Indonesia, as well as SMFORW.ko, a trojan who redirects the text messages received to another number.
Recommendations to protect mobile devices
• Install applications only from official stores, such as App Store (Apple) or Google Play. However, keep in mind that these sources are not completely safe. Kaspersky has recently identified Sparkcat, the first malware that stole screen catches and manages to go through the App Store Protections. It was also discovered on Google Play, in 20 infected applications, which proves that no store is 100% safe.
• Check app reviews, use only official links and install a reliable security solution, which can detect and block malware if an application is fraudulent.
• Check app permissions and think well before giving access, especially for high risk permissions, such as Accessibility Services.
• Update the operating systems and important applications as soon as new versions are available. Many vulnerabilities can be resolved by simple updates.
