The number of cyberattacks targeting mobile banking platforms increased sharply in 2025, with Trojan banker malware on Android smartphones rising by 56 percent compared to the previous year, according to a new report by cybersecurity firm Kaspersky. The report, titled Mobile Malware Evolution, highlights a surge in malware designed to steal credentials for online banking, e-payment systems, and credit card platforms. Threat actors are reportedly distributing these malicious programs through messaging apps, phishing webpages, and other online channels, aiming to compromise financial data from unsuspecting users.
Kaspersky noted that new installation packages for Trojan bankers, identified as unique APK files, reached 255,090 globally in 2025. Analysts suggest this growth reflects the profitability of these malware campaigns for cybercriminals and signals that attackers will continue to expand distribution channels while developing variants to evade detection. Anton Kivva, malware analyst team lead at Kaspersky, explained that while Trojan bankers remain the fastest-growing malware type for mobile devices, a related trend involves preinstalled backdoors appearing more frequently on Android devices. These backdoors, including Triada and Keenadu, come embedded in new devices and allow attackers to gain extensive control over smartphones and tablets before users even begin using the devices.
According to experts, preinstalled backdoors are particularly concerning because they operate within the firmware, providing attackers unrestricted access to device data. Users may remain unaware of the infection since the malware is fully integrated at the system level, making it extremely difficult to remove without a firmware update. Kivva emphasized that users should regularly install official firmware updates and run comprehensive security scans afterward to ensure that newly installed software has not been compromised. These measures, combined with cautious app installation practices, are essential for mitigating the risk of embedded threats.
The Kaspersky report recommends downloading apps exclusively from trusted sources, such as Google Play and Apple App Store, while warning that even apps from official stores may carry some risk. Users are advised to review app permissions carefully, particularly for high-risk access such as Accessibility Services, and to keep operating systems and essential applications updated. Following these precautions can address many vulnerabilities, reduce exposure to malware, and help maintain the security of financial and personal data stored on mobile devices. Analysts predict that mobile banking malware will continue to evolve in sophistication and scale as cybercriminals seek to exploit the increasing reliance on smartphones for financial transactions.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
