New Delhi, January 12, 2026 – India has emerged as the world’s top target for mobile attacks yet again, recording a steep 38% year-over-year increase in mobile threats, according to the India findings of the Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report released today.
The country now accounts for a staggering 26% of all global mobile attack activity, underscoring how rapid digitization, UPI-led payments, and super app ecosystems are drawing intensified attention from cybercriminals.
The report highlights that threat actors are increasingly exploiting mobile and IoT ecosystems as organizations lean into hybrid work, app-driven productivity, and connected devices.
ThreatLabz researchers uncovered hundreds of malicious applications on the Google Play Store, many masquerading as productivity and workflow tools in the “Tools” category.
In total, 239 malicious Android applications were identified, collectively downloaded 42 million times, driving a 67% year-over-year surge in Android malware transactions and amplifying risks from spyware and banking malware.
On the industry front within India, Retail & Wholesale (38%) and Hospitality, Restaurants and Leisure (31%) emerged as the most targeted verticals, followed by Manufacturing (16%) and Energy, Utilities, Oil & Gas (8%).
Mobile Threats in India Up 38%
The concentration of attacks in consumer-facing, transaction-heavy, and operations-intensive environments reflects adversaries’ focus on high-dependency IoT deployments where downtime or disruption can have outsized impact.
From a threat family perspective, IoT-focused backdoor and botnet malware dominated detections in India.
IoT.Backdoor.Gen.LZ alone accounted for 85% of observed cases, followed by ABRisk.IOTX 0 at 8% and IoT.Exploit.CVE 2020 8195 at 1%, pointing to sustained campaigns aimed at compromising connected devices at scale.
Globally, mobile threat activity is heavily clustered in a handful of regions. India leads with 26% of mobile malware traffic, followed by the United States at 15%, Canada at 14%, Mexico at 5%, and South Africa at 4%.
While India is at the epicenter of mobile attacks, the United States remains the top target for IoT attacks, accounting for 54% of IoT malware traffic.
Hong Kong (15%), Germany (6%), India (5%), and China (4%) round out the top five IoT targets, underscoring how both mature and rapidly digitizing economies are being relentlessly probed.
“India’s challenge is stark with breakneck digitization across UPI, super apps, and a sprawling IoT estate, making the country a high-value target,” said Suvabrata Sinha, CISO in Residence, Zscaler.
He stressed the need to operationalize end-to-end Zero Trust, enforce identity- and device-centric access, continuously inspect encrypted traffic, and embed mobile threat defense into enterprise policy across branch, OT, and cellular IoT environments.
ThreatLabz also flagged several emerging trends: a new Android Void backdoor has infected 1.6 million Android-based TV boxes, primarily in India and Brazil; a new RAT dubbed Xnotice is targeting job seekers in the oil and gas sector in MENA; adware has overtaken Joker as the top mobile threat with 69% of cases, while Joker dropped to 23%; and attackers are shifting away from card-centric fraud in favor of mobile payment abuse.
Deepen Desai, EVP and Chief Security Officer at Zscaler, warned that attackers are “pivoting to areas with maximum impact,” pointing to a 67% rise in mobile malware and a 387% spike in IoT/OT attacks on energy sectors often hosting critical infrastructure.
He argued that a “Zero Trust everywhere” approach, augmented with AI-driven threat detection, is now essential to shrinking attack surfaces and limiting lateral movement as organizations confront a rapidly evolving mobile, IoT, and OT threat landscape.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.