Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler.
During the same period, the company observed a 67% year-over-year growth in malware targeting mobile devices, with spyware and banking trojans being a prevalent risk.
Telemetry data shows that threat actors are shifting from traditional card fraud to exploiting mobile payments using phishing, smishing, SIM-swapping, and payment scams.
The transition to attacks based on social engineering is explained by the improved security standards, such as chip-and-PIN technology, and the wide adoption of mobile payments.
"To carry out these attacks, cybercriminals deploy phishing trojans and malicious apps designed to steal financial information and login credentials," Zscaler says.
According to the company, banking malware has grown significantly over the past three years, reaching 4.89 million transactions in 2025. However, the growth rate was just 3% over the observed period, down from 29% the previous year.
Blocked banking trojan transactions
Source: Zscaler
Compared to last year, when Zscaler discovered 200 malware apps on Google Play, the company now reports finding 239 malicious applications in the official Android store that collectively counted 42 million downloads.
Another notable trend recorded during the same period is the rise of adware as the most prominent threat in the Android ecosystem, now accounting for roughly 69% of all detections, almost double from last year.
... continue reading