A sharp rise in mobile banking malware targeting Android users was recorded in 2025, with attacks increasing by 56% compared to the previous year, according to a new report by cybersecurity firm Kaspersky.
The findings were published in the company’s latest report, “Mobile Malware Evolution,” which highlights the growing threat posed by Trojan banker malware.
These malicious programs are specifically designed to steal sensitive financial information such as online banking credentials, e-payment account details, and credit card data.
According to the report, cybercriminals are increasingly using messaging applications and malicious websites to distribute Trojan banker malware.
Once installed, the malware can secretly capture login details and other personal information, allowing attackers to access victims’ financial accounts.
The report also revealed a dramatic increase in the number of new Trojan banker installation packages created for Android devices.
In 2025, researchers identified 255,090 unique Android installation files (APKs) containing Trojan banker malware, marking a 271 percent surge compared to 2024. Analysts believe this rapid growth suggests the malware is proving highly profitable for cybercriminal networks.
Among the various Trojan banker families detected, the most prominent were Mamont and Creduz, which accounted for a significant share of attacks targeting Android users.
Cybersecurity experts at Kaspersky also highlighted another worrying trend: the increasing presence of preinstalled backdoors on new Android devices.
Malware families such as Triada and Keenadu have been discovered embedded directly in device firmware before consumers even purchase the phones.
Anton Kivva, malware analyst team lead at Kaspersky, said such infections pose a serious risk because users may unknowingly buy brand-new smartphones that are already compromised.
“Preinstalled backdoors integrated into firmware provide attackers with virtually unlimited control over victims’ smartphones and tablets,” Kivva said. “Once infected, all information stored on the device can potentially be accessed by cybercriminals.”
He noted that removing such malware can be particularly challenging. Users who suspect their devices may be infected are advised to check for firmware updates and perform a full security scan after installing updates to ensure the device remains safe.
To reduce the risk of infection, Kaspersky recommends downloading mobile applications only from trusted sources such as the official app stores for major platforms, including Google Play and the Apple App Store. However, the company cautioned that even official stores cannot guarantee complete safety.
Security experts also advise users to install reliable mobile security software, review app permissions carefully, and regularly update operating systems and apps to patch vulnerabilities.












