143,000 Malware Files Attacked Android and iOS Device Users in Q2 2025

Mobile malware activity rose sharply in the second quarter of 2025: security researchers detected nearly 143,000 malicious installation packages aimed at Android and iOS users.

The figure marks a clear escalation in mobile threats. The samples were built to steal credentials and financial data, harvest sensitive content such as screenshots, and keep a persistent foothold on infected devices.

The Q2 2025 samples varied widely in both attack method and target audience.

Mobile banking Trojans were the largest single category, accounting for 42,220 of the malicious packages, while mobile ransomware Trojans contributed a further 695.

Distribution relied mainly on social engineering, fake app store pages, and trojanized copies of legitimate applications, with operators showing growing skill at slipping past platform security controls.

Fake app store page distributing SparkKitty (Source – Securelist)

According to Kaspersky Security Network data, the quarter witnessed 10.71 million blocked attacks involving malware, adware, and unwanted mobile software.

Generic Trojans were the most prevalent threat type, making up 31.69% of detections.

Securelist researchers identified several concerning trends, including the emergence of pre-installed malware on certain device models and the evolution of existing threat families to incorporate new evasion techniques.

Among the most notable discoveries was SparkKitty, a threat targeting both Android and iOS that steals images from the device gallery.

Its goal is cryptocurrency theft: users often keep wallet seed phrases or recovery codes as screenshots, and harvesting the gallery gives the attacker those secrets directly.

The malware posed as legitimate applications while quietly uploading image data to servers controlled by the operators.

Advanced Persistence and Evasion Mechanisms

Several Q2 2025 families showed notable advances in persistence and detection evasion.

Trojan-Spy.AndroidOS.OtpSteal.a illustrates the trend. It posed as a Virtual Private Network client and registered an Android NotificationListenerService, which receives the content of every notification posted on the device, including one-time password codes delivered by messaging applications and social networks. Notification access must be granted by the user in Settings, so the fake VPN relied on social engineering to obtain it.

Once granted, the intercepted codes were forwarded automatically to Telegram channels through bot accounts, defeating any second factor delivered as an SMS or app notification (hardware keys and passkeys are unaffected by this technique).
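Both SparkKitty (gallery theft) and OtpSteal (notification interception with Telegram exfiltration) leave fingerprints in an APK that an analyst can triage statically before running the sample. The following script is an added example, not code from Kaspersky or the article: it parses a decoded AndroidManifest.xml for notification-listener services and gallery permissions, and scans extracted strings for Telegram bot API endpoints. The manifest, the string dump, the package name `com.example.fastvpn` and the bot token are all constructed for the example; the finding codes and the token regex are this example's own heuristics.

```python
"""Static triage of a decoded APK for capabilities abused by the Q2 2025 families.

Added example. The manifest, strings and token below are constructed; the
heuristics are assumptions chosen for illustration, not a vendor signature set.
"""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NLS_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
NLS_ACTION = "android.service.notification.NotificationListenerService"
GALLERY_PERMISSIONS = {
    "android.permission.READ_MEDIA_IMAGES",      # API 33+
    "android.permission.READ_EXTERNAL_STORAGE",  # older targets
}
# Telegram bot calls look like https://api.telegram.org/bot<id>:<35-char secret>/sendMessage
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(\d{8,10}:[A-Za-z0-9_-]{35})")

# Constructed manifest resembling a fake VPN that requests gallery access and
# registers a notification listener service.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fastvpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <application>
    <service android:name=".SyncService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
        android:exported="true">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed string dump (as if from the decompiled DEX). The token is fake.
SAMPLE_STRINGS = [
    "Connecting to the fastest server...",
    "https://api.telegram.org/bot123456789:AAExampleTokenExampleTokenExample12/sendMessage",
    "android.service.notification.NotificationListenerService",
    "https://example.invalid/update",
]

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def triage_manifest(xml_text):
    """Return the permissions and listener services declared in a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {u.get(ANDROID_NS + "name") for u in root.iter("uses-permission")}
    listeners = []
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        # A listener is bound either via the system permission or the intent action.
        if svc.get(ANDROID_NS + "permission") == NLS_PERMISSION or NLS_ACTION in actions:
            listeners.append(svc.get(ANDROID_NS + "name"))
    return {
        "package": root.get("package"),
        "permissions": perms,
        "notification_listeners": listeners,
        "gallery_access": bool(perms & GALLERY_PERMISSIONS),
        "internet": "android.permission.INTERNET" in perms,
    }


def find_telegram_bots(strings):
    """Extract Telegram bot tokens embedded in string constants."""
    return [m.group(1) for s in strings for m in TELEGRAM_BOT_RE.finditer(s)]


def assess(xml_text, strings):
    """Combine manifest and string evidence into finding codes for an analyst."""
    m = triage_manifest(xml_text)
    findings = []
    if m["notification_listeners"]:
        findings.append("NOTIFICATION_LISTENER")       # OtpSteal-style OTP interception
    if m["gallery_access"] and m["internet"]:
        findings.append("GALLERY_EXFIL_CAPABLE")       # SparkKitty-style screenshot theft
    if find_telegram_bots(strings):
        findings.append("TELEGRAM_BOT_C2")             # hard-coded exfiltration channel
    return findings


if __name__ == "__main__":
    info = triage_manifest(SAMPLE_MANIFEST)
    print(info["package"], assess(SAMPLE_MANIFEST, SAMPLE_STRINGS))
    for token in find_telegram_bots(SAMPLE_STRINGS):
        print("telegram bot token:", token[:12] + "...")  # never log a full token
```

A notification listener is legitimate in wearable companions and automation apps, so the codes mark an APK for review rather than convict it. On a live device, `adb shell settings get secure enabled_notification_listeners` lists the components that have actually been granted notification access; a VPN client appearing there is the OtpSteal pattern described above.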

Other families achieved persistence not through system-level hooks but by riding along inside applications users keep installed. Trojan-DDoS.AndroidOS.Agent.a was distributed as a malicious Software Development Kit embedded in adult-content viewing applications.

Bundling the code as an SDK turned every device running a host app into a node of a distributed denial-of-service botnet, an example of operators adapting a long-standing attack technique to mobile platforms.

The embedded SDK fetched its attack parameters, including target addresses and request frequency, from the operators at runtime, giving them flexible command-and-control over the botnet without shipping a new app version.
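From the network side, the behaviour described above (many requests to one destination at an operator-set frequency) is what distinguishes a bot inside a video app from a user browsing. The script below is an added example, not code from the article or from Kaspersky: it groups constructed flow records by source and destination, computes the inter-request interval, and flags source/destination pairs whose request count is high and whose timing is nearly constant. The flow records, the device addresses and the thresholds `min_requests` and `max_cv` are all constructed assumptions for the example.

```python
"""Flag devices whose traffic looks like a configured DDoS SDK: a high request
count to a single destination at a near-constant interval.

Added example. Flow records, hosts and thresholds are constructed assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp in seconds, source IP, destination host).
BOT_FLOWS = [(i * 0.5, "10.0.0.5", "target.example") for i in range(60)]

# A chatty but human-paced device: 41 requests to one host at irregular gaps.
_gaps = [0.2, 1.5, 0.4, 3.0] * 10
_t, CHATTY_FLOWS = 0.0, [(0.0, "10.0.0.7", "chat.example")]
for g in _gaps:
    _t += g
    CHATTY_FLOWS.append((_t, "10.0.0.7", "chat.example"))

# Ordinary browsing spread across several hosts.
BROWSING_FLOWS = [
    (0.0, "10.0.0.9", "news.example"), (3.1, "10.0.0.9", "cdn.example"),
    (9.7, "10.0.0.9", "news.example"), (10.2, "10.0.0.9", "img.example"),
    (25.8, "10.0.0.9", "cdn.example"), (33.3, "10.0.0.9", "news.example"),
    (40.0, "10.0.0.9", "shop.example"), (41.1, "10.0.0.9", "cdn.example"),
    (52.6, "10.0.0.9", "news.example"), (58.9, "10.0.0.9", "img.example"),
]

SAMPLE_FLOWS = BOT_FLOWS + CHATTY_FLOWS + BROWSING_FLOWS


def request_stats(flows):
    """Per (source, destination): request count, mean interval and its
    coefficient of variation (stdev / mean). A CV near 0 means metronomic timing."""
    buckets = defaultdict(list)
    for ts, src, dst in flows:
        buckets[(src, dst)].append(ts)
    stats = {}
    for key, times in buckets.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if not gaps or mean(gaps) == 0:
            stats[key] = {"count": len(times), "mean_gap": 0.0, "cv": float("inf")}
            continue
        stats[key] = {
            "count": len(times),
            "mean_gap": mean(gaps),
            "cv": pstdev(gaps) / mean(gaps),
        }
    return stats


def detect_bots(flows, min_requests=30, max_cv=0.2):
    """Return {(src, dst): requests_per_second} for pairs that exceed the request
    threshold with near-constant spacing. Thresholds are tuning assumptions."""
    flagged = {}
    for key, s in request_stats(flows).items():
        if s["count"] >= min_requests and s["cv"] <= max_cv and s["mean_gap"] > 0:
            flagged[key] = round(1.0 / s["mean_gap"], 3)
    return flagged


if __name__ == "__main__":
    for (src, dst), rate in detect_bots(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: {rate} req/s, constant interval (DDoS SDK pattern)")
```

The coefficient of variation does the real work: the chatty device sends more requests than the threshold but at human-irregular gaps, so it is not flagged, while the SDK-driven device is flagged at exactly the rate its operator configured. In production the same statistic is computed over NetFlow or proxy logs per subnet, and the operator's ability to change the target and frequency remotely is why the detection keys on regularity rather than on a fixed destination list.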


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.