Increase in smartphone attacks in the first half of 2025

According to Kaspersky’s data, the first half of 2025 saw a 29% increase in attacks on Android smartphone users compared to the first half of 2024, and a 48% rise compared to the second half of 2024. In 2025, Kaspersky identified significant mobile threats, including SparkCat, SparkKitty, and Triada, as well as other active threats such as adult-content apps capable of launching DDoS attacks and a VPN app that intercepted login credentials by sending them via SMS. More details can be found in Kaspersky’s report, “IT threat evolution in Q2 2025: Mobile statistics.”

During the second quarter of 2025, attackers incorporated DDoS capabilities into adult-content apps, allowing real-time adjustments to attacks. The trojan sends data from the infected device to the attackers at predefined intervals.

Recently, Kaspersky detected a fake VPN client that compromised user accounts. Instead of functioning as promised, it monitored notifications from messaging and social media apps, intercepted one-time passwords, and sent them to attackers via a Telegram bot.

Most Common Malicious Apps

The malicious apps most frequently encountered by mobile users included Fakemoney scam apps, banking trojans, and preinstalled malware.

• Fakemoney scam apps: Fake apps that trick users into believing they can earn money or rewards through deliveries, games, or investments, but instead steal personal information, funds, or fail to provide real payouts.
• Preinstalled trojans such as Triada and Dwphon: Examples of malware embedded in Android device firmware from the manufacturing stage, allowing data theft, unauthorized actions, and persistence even after a factory reset.
• Mobile banking trojans:

The number of mobile banking trojans detected in the first half of 2025 was nearly four times higher than in the first half of 2024 and more than double compared to the second half of 2024.

Cases by Country

• Turkey: Activity from the Coper trojan was identified. This malware is designed to collect financial and personal data and often disguises itself as official banking or utility apps.
• India: A trojan dropper distributing financial malware or spyware disguised as rewards or incentive apps was detected.
• Uzbekistan: Fake job search apps (Fakeapp.hy and Piom.bkzj) were collecting users’ personal data.
• Brazil: New trojan droppers called Pylcasa entered Google Play disguised as calculator apps. Upon launch, they opened URLs linking to illegal casinos or phishing sites.

Recommendations for Protection

To protect against threats, Kaspersky recommends:

• Download apps only from official stores such as the Apple App Store and Google Play, while remembering that even these are not always completely safe.
• Always check app reviews, use links from official websites, and install reliable security software that can detect and block malicious activity.
• Review app permissions carefully and consider whether to grant access, especially for high-risk permissions like Accessibility Services.
• Keep your operating system and critical apps up to date, as many threats are mitigated by installing the latest updates.