The number of Trojan banker attacks targeting smartphones increased by 56% in 2025, according to Kaspersky’s latest report on mobile malware trends. The report highlights a sharp rise in Android-based financial malware, as cybercriminals increasingly target mobile devices to steal banking credentials, payment details, and personal information.
Trojan banker malware is designed to capture login details for online banking, e-payment services, and credit card systems, and is commonly spread through messaging apps, malicious links, and fake websites. Kaspersky noted that attackers are using more sophisticated distribution techniques, making it harder for users to detect threats.
The report also found a significant surge in the number of new Trojan banker installation packages, with over 255,000 unique Android APK files detected in 2025, marking a 271% increase compared to the previous year. Researchers believe the rapid growth indicates that financial malware continues to be highly profitable for cybercriminal groups, encouraging the development of new variants that can bypass security protections.
Among the most active malware families identified were Mamont and Creduz, while researchers also observed a rise in preinstalled backdoors such as Triada and Keenadu. These threats are particularly dangerous because they may come embedded in device firmware, allowing attackers to gain full control over smartphones without the user’s knowledge. Such infections can compromise all data on the device and are difficult to remove without firmware updates and security scans.
The report also highlighted regional trends. In India, Rewardsteal and Thamera Trojans were detected targeting financial data, while other regions reported different variants distributed through fake apps, phishing links, and unofficial downloads.
Kaspersky advised users to install apps only from trusted sources, regularly update their devices, review app permissions carefully, and use reliable mobile security software to reduce the risk of financial malware and other mobile threats.
