A recent report from Zscaler, a prominent cloud security firm, has unveiled a troubling trend in mobile security. According to their ThreatLabz 2025 Mobile, IoT, and OT Threat Report, hundreds of malicious applications have been found hosted on the Google Play Store, amassing over 42 million installs. This alarming discovery highlights a significant global uptick in Android malware, with India emerging as the primary target for mobile attacks.
The findings, derived from data collected by Zscaler between June 2024 and May 2025, paint a stark picture of the current digital landscape.
Mobile malware increases by 67%
Zscaler’s ThreatLabz researchers identified 239 malicious applications cleverly disguised within the “Tools” category, masquerading as productivity and workflow utilities. This strategic placement has led to an astonishing 42 million downloads worldwide. The report indicates a continuous rise in digital risk, with Android malware transactions experiencing a 67% increase year-over-year. This surge is largely attributed to the persistent use of spyware and banking malware.
India leads in mobile attack volume
Mobile threats are predominantly concentrated in three key regions, but India stands out as the most affected, accounting for 26% of all observed mobile attacks. This marks a 38% increase in mobile threat incidents compared to the previous year. Meanwhile, the United States remains the focal point for IoT attacks, responsible for 54% of such activities, followed by Hong Kong at 15%.
The report underscores a strategic shift among cybercriminals, who are increasingly targeting sectors where their attacks can yield maximum impact:
- Energy sector: This sector has seen a staggering 387% increase in attacks year-over-year, signaling a growing threat to critical infrastructure.
- Manufacturing and transportation: These sectors continue to be the most frequently targeted within the IoT landscape, together accounting for over 40% of total IoT malware incidents. The report also notes a shift among hackers, who are moving away from card-focused fraud in favor of exploiting mobile payment systems.
