143,000 Malware Attacks Target Android and iOS Users in Q2 2025
In the second quarter of 2025, cybercriminals unleashed a significant wave of mobile malware attacks, with security researchers detecting nearly 143,000 malicious installation packages targeting both Android and iOS devices. This alarming surge represents a notable escalation in mobile cyber threats, impacting millions of users globally through sophisticated attack vectors aimed at stealing sensitive data, compromising financial information, and establishing persistent backdoors on infected devices.
The malware landscape during this period showcased remarkable diversity in attack methodologies and target demographics. Banking Trojans emerged as the predominant threat category, accounting for 42,220 malicious packages, while mobile ransomware Trojans added another 695 packages to the threat ecosystem. The attacks primarily utilised social engineering tactics, fake application stores, and compromised legitimate applications to infiltrate user devices, with cybercriminals demonstrating increasing sophistication in bypassing modern security mechanisms.
According to data from Kaspersky Security Network, the quarter saw 10.71 million blocked attacks involving malware, adware, and unwanted mobile software, with Trojans comprising 31.69% of all detected malicious activities. Researchers from Securelist identified several concerning trends, including the emergence of pre-installed malware on certain device models and the evolution of existing threat families to incorporate new evasion techniques.
Among the most notable discoveries was the SparkKitty malware, a sophisticated threat targeting both Android and iOS platforms with image-stealing capabilities. This malicious application specifically targeted cryptocurrency wallet recovery codes stored as screenshots in device galleries, posing a direct threat to digital asset security. The malware operated by masquerading as legitimate applications while secretly exfiltrating sensitive visual data to remote servers controlled by cybercriminals.
The technical sophistication of mobile malware in Q2 2025 reached unprecedented levels, particularly in persistence and detection evasion strategies. One example is Trojan-Spy.AndroidOS.OtpSteal.a, which disguised itself as a Virtual Private Network client to intercept one-time password codes.