According to a Kaspersky report “Mobile malware evolution,” the number of Trojan banker attacks on Android smartphones increased by 56% in 2025 compared to the previous year*. This type of malware is designed to steal user credentials for online banking, e-payment services and credit card systems. Cybercriminals commonly distribute Trojan bankers through messaging apps, as well as through malicious webpages.
The number of new Trojan banker installation packages for Android (unique APK files) also increased sharply, reaching 255,090 packages – a 271% increase over 2024. This may indicate that these tools generate substantial profit for cybercriminals. Kaspersky experts believe threat actors will continue both to expand delivery channels and develop new Trojan variants trying to evade detection by security solutions. Among all detected Trojan bankers, the leading families were Mamont and Creduz.
“Although Trojan bankers for smartphones are the fastest-growing type of malware, we also observed another important trend: preinstalled backdoors such as Triada and Keenadu appeared more frequently compared to previous years. People purchase completely new, but infected, Android devices and may be unaware of the threat. Once integrated into the firmware fully functional preinstalled backdoors provide attackers with unlimited control over the victims’ smartphones and tablets. As a result, all information on infected devices can be compromised. It’s quite difficult to remove such malware. If the device is infected, we recommend users check for firmware updates. After the update, run a scan of the device with a security solution again to make sure newly installed firmware is not infected,” comments Anton Kivva, malware analyst team lead at Kaspersky.
To stay protected from mobile threats, Kaspersky recommends:
- Download apps only from official websites and app stores for smartphones, such as Apple App Store and Google Play, but remember that even downloading apps from official stores is not always risk-free.
- Install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.
- Check the permissions of apps that you use and think carefully before permitting an app, especially when it comes to high-risk permissions such as Accessibility Services.
- Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.
Learn more about the mobile malware threat landscape in 2025 on Securelist.
