ISLAMABAD:
Global cybersecurity firm Kaspersky has reported a sharp rise in mobile banking malware attacks, revealing a 56% increase in Trojan banker incidents targeting Android smartphones in 2025 compared to last year.
According to its latest report, “Mobile Malware Evolution,” Trojan banker malware — designed to steal credentials for online banking, e-payment platforms, and credit card systems — has intensified significantly. Cybercriminals are primarily distributing these malicious programs through messaging applications and fraudulent webpages, exploiting user trust and social engineering tactics.
The number of new Trojan banker installation packages (unique APK files) surged to 255,090 in 2025, marking a staggering 271% increase over 2024. Security analysts suggest the spike indicates strong financial incentives driving cybercriminal activity, with attackers continuously refining tactics to bypass detection systems.
Among the most active Trojan banker families identified were Mamont and Creduz.
Kaspersky experts also flagged a concerning parallel trend: the growing presence of preinstalled backdoors such as Triada and Keenadu. These threats are embedded directly into the firmware of newly purchased Android devices, leaving users unknowingly exposed from the moment of activation.
“Although Trojan bankers for smartphones are the fastest-growing type of malware, we are also observing more frequent cases of preinstalled backdoors,” said Anton Kivva, Malware Analyst Team Lead at Kaspersky. He warned that once integrated into a device’s firmware, such backdoors can grant attackers near-total control, compromising all stored data and making removal extremely difficult.
Kivva advised users who suspect infection to check for firmware updates immediately and run a full device scan after installing any updates to ensure the system remains secure.
To mitigate risks, Kaspersky recommends downloading applications only from official platforms such as the Google Play and the Apple App Store, while cautioning that even official marketplaces are not entirely risk-free. The company further advises installing reputable security solutions like Kaspersky Premium, carefully reviewing app permissions — particularly high-risk access such as Accessibility Services — and regularly updating operating systems and applications.
With mobile banking increasingly central to daily financial transactions, the report underscores the urgent need for stronger digital hygiene as cybercriminal networks escalate efforts to exploit smartphone users worldwide.
