Malicious Android Apps Hit 42 Million Downloads on Google Play

UK – New research highlights a significant rise in mobile malware threats. A report by cloud security company Zscaler reveals that between June 2024 and May 2025, 239 malicious apps were downloaded more than 42 million times from Google Play. This represents a 67% year-over-year increase in malware targeting Android devices.

The report found that spyware and banking trojans were among the most commonly identified threats. Zscaler identified a troubling trend as attackers shifted focus from traditional card fraud to exploiting mobile payments through phishing and social engineering tactics.

Deepen Desai, EVP and chief security officer at Zscaler, stated, “Attackers are pivoting to areas with maximum impact. We’re seeing a YoY rise of 67% in malware targeting mobile devices and 387% in IoT/OT attacks, especially in the energy sector.” This spike poses unique challenges for organizations reliant on these technologies.

Zscaler highlighted three malware families that caused significant damage to users. Anatsa, a banking trojan, has increasingly evolved since its discovery in 2020. The latest version can target data from over 831 financial organizations worldwide. Another notable threat, the Void malware, has infected at least 1.6 million outdated Android TV boxes, causing widespread concern primarily in India and Brazil.

Then there’s Xnotice, a remote access trojan (RAT) tailored for job seekers in the oil and gas industry. This malware disguises itself as job application tools and targets banking credentials. Xnotice poses a serious risk due to its sophisticated design.

India, the United States, and Canada account for over half of all mobile malware traffic. Zscaler’s report noted a dramatic increase in attacks targeting Italy and Israel, with explosions in activity ranging from 800% to 4000% year-over-year.

In addition to mobile threats, Zscaler also observed a rise in IoT attacks, with routers being the most targeted device category. Most attacks are attributed to the Mirai and Gafgyt malware families. The U.S. leads these malicious activities, comprising over half of the observed incidents.

To protect against these evolving threats, users are advised to apply security updates, only download apps from reputable sources, and scrutinize app permissions closely. Regularly running security scans can help mitigate risks of infection.

The findings from Zscaler serve as a stark reminder of the ongoing security challenges in the mobile and IoT landscapes, prompting a call for enhanced protective measures.