Within the second quarter of 2025, customers of Android and iOS gadgets confronted relentless cyberthreats, with Kaspersky Safety Community reporting practically 143,000 malicious set up packages detected throughout its cellular safety merchandise.
Though the general variety of cellular assaults—together with malware, adware, and doubtlessly undesirable software program—dropped to 10.71 million in Q2, Trojans remained the predominant hazard, accounting for 31.69 % of all detected threats.
Between April and June 2025, Kaspersky options blocked 10.71 million cellular assaults. This represented a decline from Q1, largely pushed by a big discount in campaigns associated to RiskTool.AndroidOS.SpyLoan—mortgage apps embedded with frameworks that harvest borrower knowledge akin to contacts lists, typically discovered pre-installed on gadgets.
Inside this era, Kaspersky recognized 142,762 set up packages for Android malware and undesirable apps, together with:
- 42,220 cellular banking Trojans
- 695 cellular ransomware Trojans
Banking Trojans held the highest share amongst malware sorts, with the Mamont household dominating. Spy Trojans fell to fifth place because the surge of SMS-stealing Trojan-Spy.AndroidOS.Agent.akg subsided, and Agent.amw adware disguised as on line casino apps additionally waned. RiskTool-type undesirable apps and adware adopted in prevalence, whereas Triada household Trojans comprised many of the generic Trojan class.
A number of new and weird threats emerged in Q2:
A cross-platform stealer dubbed SparkKitty addressed each Android and iOS customers by exfiltrating photos from machine galleries.
Evaluation linked this marketing campaign to the sooner SparkCat malware found on app shops, with malicious app pages mimicking authentic installs.
SparkKitty chief goal is believed to be the theft of cryptocurrency pockets restoration codes saved as screenshots.
In a novel twist, attackers embedded a DDoS-capable SDK inside grownup content material viewer apps. As soon as put in, these apps remodel consenting cellular gadgets into bots able to sending configurable site visitors floods to attacker-designated addresses—underscoring cybercriminals’ creativity in exploiting unsuspecting customers
Posing as a privacy-enhancing VPN shopper, this Trojan harnesses Android’s Notification Listener service to intercept one-time passwords (OTPs) from messaging apps and social networks.
As a substitute of offering VPN protection, it silently relays intercepted codes to attackers through Telegram bots, facilitating account takeovers.
Geographic Hotspots
Area-specific malware tendencies highlighted native outbreaks:
- In Türkiye, Coper banking Trojans (variants .c and .a) struck over 97 % of customers focused by these households.
- India noticed Rewardsteal droppers and banking Trojans affecting 95 % of their victimized consumer base.
- Uzbekistan grappled with Fakeapp.hy and Piom.bkzj Trojans masquerading as job search and utility apps, amassing private knowledge from 85–87 % of their attacked customers.
- Brazil encountered Pylcasa droppers disguised as easy instruments like calculators, which then redirected victims to phishing or illicit on line casino webpages.
Cellular banking Trojans, though barely decrease in Q2 than Q1, remained alarmingly prevalent. Kaspersky detected 42,220 banking Trojan packages, with Mamont variants comprising 57.7 % of this whole.
Among the many high 10 banking Trojan households, Mamont.da elevated from 26.68 % to 30.28 % of attacked customers, whereas newcomer Mamont.ev jumped to 17 % share.
Regardless of a modest decline in total cellular assaults throughout Q2 2025, the cellular risk panorama continues to evolve with refined Trojan campaigns, regional outbreaks, and cross-platform stealers.
Banking Trojans, led by the prolific Mamont household, together with novel DDoS-capable and OTP-stealing Trojans, underscore the persistent dangers cellular customers face. Vigilance, common software program updates, and sturdy cellular safety options stay important defenses in opposition to these ever-adaptable adversaries.
Discover this Story Fascinating! Observe us on LinkedIn and X to Get Extra Instantaneous Updates.
