Security researchers observed a 67% increase in malware targeting Android devices over the past year, with hundreds of malicious apps making their way onto the official Google Play store.
Zscaler revealed the findings in its ThreatLabz 2025 Mobile, IoT, and OT Threat Report, which is compiled from analysis of over 20 million mobile requests sent from devices between June 2024 and May 2025.
It claimed that, during the period, 239 malware-laden apps bypassed Google’s filters to end up on the Play store, where they were downloaded 42 million times.
Among the most common were productivity and workflow apps published under the “Tools” category. Zscaler warned that threat actors successfully exploited users’ trust in functionality-driven applications and their desire to download such software to help with remote working.
The manufacturing and energy sectors were most frequently targeted by threat actors during the period, with the latter recording a 387% annual increase in mobile attacks. India (26%), the US (15%) and Canada (14%) accounted for the majority of malicious mobile traffic, with threat volumes surging 38% year on year (YoY) in India.
Mirai Dominates IoT Threats
When it came to IoT threats, 40% of blocked requests were linked to the Mirai family, with a further 35% attributed to the Gafgyt malware variant.
Manufacturing and transportation were once again the most frequently targeted verticals, each accounting for around a fifth of all observed IoT malware attacks. This marks a shift from 2024, when manufacturing represented 36% of total incidents, followed by transportation at 14%.
The US stood out as the number one target for IoT threat activity, accounting for over half (54%) of all attacks. It was followed by Hong Kong (15%), Germany (6%), India (5%) and China (4%).
“Attackers are pivoting to areas with maximum impact. We’re seeing a YoY rise of 67% in malware targeting mobile devices and 387% in IoT/OT attacks on energy sectors often hosting critical infrastructure, which is a massive swing,” said Deepen Desai, EVP and chief security officer at Zscaler.
“A Zero Trust everywhere approach, combined with AI-powered threat detection, is imperative to reducing the attack surface, limiting lateral movement, and providing organizations the defense they need against ever-evolving attacks.”
A Google spokesperson sent Infosecurity the following response: "User protection against these identified malware versions was already in place through Google Play Protect prior to this report. Based on our current detection, no apps containing these versions of this malware are found on Google Play. We're constantly enhancing our protections to help keep users safe from bad actors."
