239 Dangerous Android Apps Found on Google Play with 40M+ Installs

Cybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research.

The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications.

The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat Report reveals that 239 malicious Android applications hosted on the Google Play Store have been downloaded a staggering 42 million times, while critical infrastructure in the energy sector experienced a massive 387% increase in attacks compared to the previous year.

These dangerous apps were primarily disguised within the “Tools” category, masquerading as legitimate productivity and workflow applications to exploit users’ trust, particularly among those working in hybrid and remote environments where mobile devices have become essential for professional tasks.

The report documented a concerning 67% year-over-year increase in Android malware transactions, with spyware and banking malware continuing to pose significant risks to users worldwide.

This distribution strategy capitalizes on the growing reliance on mobile productivity tools, making it easier for cybercriminals to compromise unsuspecting users who believe they are downloading helpful business applications from a trusted source.

Beyond the immediate threat to individual users, the research identified manufacturing and energy sectors as prime targets for mobile and IoT attacks.

The energy sector’s 387% surge in cyberattacks represents a particularly alarming escalation of threats against critical infrastructure, highlighting how threat actors are increasingly focusing on industries where successful breaches can yield substantial returns and cause widespread disruption.

Manufacturing and Transportation

In the Internet of Things landscape, the manufacturing and transportation sectors each accounted for 20.2% of all observed IoT malware attacks during the research period, collectively representing over 40% of total incidents.

This marks a notable shift from 2024, when manufacturing alone dominated with 36% of incidents, followed by transportation at 14%.

The data suggests threat actors are diversifying their strategies and spreading attacks across multiple high-dependency IoT industries rather than concentrating on a single sector.

The malware families responsible for these attacks show concerning patterns, with roughly 40% of blocked transactions linked to the notorious Mirai family alone.

Meanwhile, Mozi has overtaken Gafgyt to become the second most prevalent malware family. Together, Mirai, Mozi, and Gafgyt account for approximately 75% of all malicious payloads detected in IoT environments, demonstrating how established malware families continue to evolve and maintain their effectiveness.

Geographically, mobile threats have concentrated in three key regions. India continues to be the top target for mobile attacks, accounting for 26% of all mobile malware activity and experiencing a significant 38% increase compared to the previous year.

The United States follows with 15% of mobile attacks, while Canada represents 14%. Mexico and South Africa round out the top five countries with 5% and 4% respectively.

The IoT threat landscape presents a different geographic picture, with the United States serving as both a hub for IoT activity and the primary target for malware attacks at 54% of all incidents. Hong Kong comes in second with 15% of IoT malware traffic, followed by Germany at 6%, India at 5%, and China at 4%.

“Attackers are pivoting to areas with maximum impact. We’re seeing a YoY rise of 67% in malware targeting mobile devices and 387% in IoT/OT attacks on energy sectors often hosting critical infrastructure, which is a massive swing,” said Deepen Desai, EVP and Chief Security Officer at Zscaler.

He emphasized that a Zero Trust everywhere approach, combined with AI-powered threat detection, has become imperative for reducing attack surfaces and providing organizations with adequate defense against ever-evolving threats.

New Threats and Evolving Tactics Emerge

The report also identified several emerging threats that security professionals should monitor closely. A new backdoor malware called Android Void has infected 1.6 million Android-based TV boxes, primarily affecting users in India and Brazil.

Additionally, researchers discovered Xnotice, a new Remote Access Trojan (RAT) specifically targeting job seekers in the oil and gas industry, particularly in the Middle East and North Africa region.

Adware has overtaken the Joker malware family as the top mobile threat, now representing 69% of cases, while Joker dropped from 38% last year to just 23%.

The research also indicates that threat actors are shifting their focus away from traditional card-focused fraud toward mobile payment systems, reflecting the changing landscape of digital financial transactions.
