According to Kaspersky data, attacks targeting Android smartphone users in the first half of 2025 increased by 29% compared to the first half of 2024 and by 48% compared to the second half of 2024. In 2025, Kaspersky detected significant mobile threats such as SparkCat, SparkKitty, and Triada.

However, other active threats were also detected, including apps with adult content capable of launching DDoS attacks and a VPN app that intercepted login codes sent via text messages. Kaspersky also detected Coper Trojan activity in Turkey. Coper is designed to steal sensitive financial and personal information and is often disguised as legitimate applications such as banking or utility software.

In the second quarter of 2025, attackers embedded functionality in adult content apps for dynamically configured DDoS attacks. This Trojan enables the infected device to send specific data to the attackers at specific intervals.

Kaspersky also recently detected a rogue VPN client that compromised various user accounts. Instead of providing the promised functionality, this client monitors notifications to obtain one-time passcodes from various messaging apps and social networks and sends them to attackers via a Telegram bot.

Most Popular Malicious Apps
The most common malicious apps encountered by mobile users were Fakemoney scams, banking Trojans, and pre-installed malware.

Fake money scams on smartphones deceive users into believing they can win real money or prizes through tasks, games, or investments, then steal their personal information and money or offer no payment at all.

Pre-installed Trojans such as Triada and Dwphon were also frequently detected. These are malware samples embedded in the firmware of Android devices during production, enabling data theft, unauthorized actions, and persistence even after a factory reset.

Mobile banking Trojans

The number of mobile banking Trojans detected in the first half of 2025 nearly quadrupled compared to the first half of 2024 and more than doubled compared to the second half of 2024.

Anton Kivva, Team Leader for Malware Analysts at Kaspersky, said: “The first half of 2025 saw an increase in Android malware attacks compared to 2024. There are different attack paths in this area, and installing apps from outside app stores is one of them. Google’s recent initiative to verify developers, even for sideloaded apps, has been highlighted as a precaution against malware spreading through APK files outside official app stores. However, this step isn’t a magic solution. Malware continues to infiltrate even the Google Play Store, where developer verification has long been in place. Malware is also infiltrating Apple’s App Store. Attackers will likely find ways to bypass this verification as well. This highlights the need for users to combine robust security solutions, vigilant app sources, and regular operating system updates to stay ahead of evolving threats.”

To protect themselves from mobile threats, Kaspersky recommends the following:

• Only download apps from official smartphone app stores, such as the Apple App Store and Google Play. However, remember that downloading apps from official stores isn’t always risk-free.

• To ensure your safety, always check app reviews, only use links from official websites, and install reputable security software like Kaspersky Premium, which can detect and block malicious activity if an app turns out to be fake.

• Check the permissions of the apps you use and think carefully before granting permissions to an app. This is especially true for high-risk permissions like Access Services.

Update your operating system and essential apps as updates are released. Many security issues can be resolved by installing updated versions of the software.