Cybersecurity threats targeting mobile devices and critical infrastructure have escalated significantly, as highlighted in Zscaler’s latest research. The findings reveal a sophisticated campaign by threat actors who have infiltrated Google’s official app marketplace, resulting in the distribution of hundreds of malicious applications. Zscaler, Inc. (NASDAQ: ZS) reports in its ThreatLabz 2025 Mobile, IoT, and OT Threat Report that 239 malicious Android applications available on the Google Play Store have been downloaded an astonishing 42 million times. In addition, the energy sector has seen a staggering 387% increase in cyberattacks compared to the previous year.
These malicious applications primarily disguise themselves within the “Tools” category, masquerading as legitimate productivity and workflow tools. This strategy exploits users’ trust, particularly among those working in hybrid and remote environments where mobile devices are essential for professional tasks. The report also documented a concerning 67% year-over-year increase in Android malware transactions, with spyware and banking malware continuing to present significant risks to users globally. This distribution strategy takes advantage of the growing reliance on mobile productivity tools, making it easier for cybercriminals to compromise unsuspecting users who believe they are downloading helpful business applications from a trusted source.
Manufacturing and Transportation
Beyond the immediate threat to individual users, the research identified manufacturing and transportation sectors as prime targets for mobile and IoT attacks. The energy sector’s alarming 387% surge in cyberattacks underscores a troubling trend, with threat actors increasingly focusing on industries where successful breaches can yield substantial returns and cause widespread disruption.
In the Internet of Things landscape, the manufacturing and transportation sectors each accounted for 20.2% of all observed IoT malware attacks during the research period, collectively representing over 40% of total incidents. This marks a notable shift from 2024, when manufacturing alone dominated with 36% of incidents, followed by transportation at 14%. The data suggests that threat actors are diversifying their strategies, spreading attacks across multiple high-dependency IoT industries rather than concentrating on a single sector. The malware families responsible for these attacks exhibit concerning patterns, with approximately 40% of blocked transactions linked to the notorious Mirai family. Meanwhile, Mozi has overtaken Gafgyt to become the second most prevalent malware family. Together, Mirai, Mozi, and Gafgyt account for roughly 75% of all malicious payloads detected in IoT environments, demonstrating how established malware families continue to evolve and maintain their effectiveness.
Geographically, mobile threats have concentrated in three key regions. India remains the top target for mobile attacks, accounting for 26% of all mobile malware activity and experiencing a significant 38% increase compared to the previous year. The United States follows with 15% of mobile attacks, while Canada represents 14%. Mexico and South Africa round out the top five countries with 5% and 4%, respectively. The IoT threat landscape presents a different geographic picture, with the United States serving as both a hub for IoT activity and the primary target for malware attacks at 54% of all incidents. Hong Kong comes in second with 15% of IoT malware traffic, followed by Germany at 6%, India at 5%, and China at 4%.
“Attackers are pivoting to areas with maximum impact. We’re seeing a year-over-year rise of 67% in malware targeting mobile devices and 387% in IoT/OT attacks on energy sectors often hosting critical infrastructure, which is a massive swing,” said Deepen Desai, EVP and Chief Security Officer at Zscaler. He emphasized that a Zero Trust everywhere approach, combined with AI-powered threat detection, has become imperative for reducing attack surfaces and providing organizations with adequate defense against ever-evolving threats.
New Threats and Evolving Tactics Emerge
The report also identified several emerging threats that security professionals should monitor closely. A new backdoor known as Android Void malware has infected 1.6 million Android-based TV boxes, primarily impacting users in India and Brazil. Additionally, researchers discovered Xnotice, a new Remote Access Trojan (RAT) specifically targeting job seekers in the oil and gas industry, particularly in the Middle East and North Africa region. Adware has now overtaken the Joker malware family as the top mobile threat, representing 69% of cases, while Joker has dropped from 38% last year to just 23%. The research indicates that threat actors are shifting their focus away from traditional card-focused fraud toward mobile payment systems, reflecting the changing landscape of digital financial transactions.