Red Hot Cyber, the Italian blog on cybersecurity
Android malware to surge in 2025: 67% more attacks than last year

Redazione RHC: 8 November 2025 08:37

Analysts at cybersecurity firm Zscaler calculated that between June 2024 and May 2025, 239 malicious apps were discovered on Google Play, which in total were downloaded more than 42 million times.

According to the researchers’ report, the number of attacks on mobile devices increased by 67% over the past year. The main threats were banking Trojans, spyware, and adware.

The main driver of this significant growth is attacks on mobile payments. Criminal hackers are abandoning traditional credit card counterfeiting methods and focusing on social engineering: phishing, smishing, SIM swapping, and other forms of payment fraud.

While last year Zscaler counted around 200 malicious programs in the official Android app store, this year it detected 239. The most common threat was adware, which accounted for 69 percent of all cases. The Joker infostealer ranked second (23 percent).

Another trend is the growing use of spyware, up 220% year-over-year. The most common remain SpyNote, SpyLoan, and BadBazaar, used for surveillance, blackmail, and identity theft.

Android malware most frequently targets users in India, the United States, and Canada, accounting for 55% of attacks. In Italy and Israel, infection rates have increased by 800-4000% year-over-year.

In their annual report, researchers identify three particularly dangerous and widespread malware families.

  • Anatsa is a banking Trojan that periodically appears on Google Play disguised as a useful utility and steals data from the apps of over 830 banks and cryptocurrency platforms.
  • Android Void (Vo1d) is a backdoor for TV boxes running older versions of the Android Open Source Project (AOSP) that has infected at least 1.6 million devices.
  • Xnotice is a RAT Trojan that targets job seekers in the oil and gas sector, particularly in Iran and Arabic-speaking regions, by stealing banking credentials, two-factor authentication codes, and SMS messages.

Experts remind users to install updates promptly, avoid apps that require access to accessibility services, scan devices with Play Protect, and avoid downloading unnecessary apps.

Additionally, researchers are seeing an increase in attacks on IoT devices (primarily routers), which are infected through various vulnerabilities and then become part of botnets and proxy servers for malware distribution.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.