Trojan Banker Attacks on Smartphones Surge by 56% in 2025, Kaspersky Report Reveals
The number of Trojan banker attacks targeting Android smartphones increased by 56% in 2025 compared to the previous year, according to the latest “Mobile Malware Evolution” report released by Kaspersky. Trojan banker malware is designed to steal user credentials for online banking platforms, e-payment services, and credit card systems.
Cybercriminals commonly distribute these threats through messaging applications and malicious web pages, making them difficult for users to identify. The report also revealed a sharp rise in the number of new Trojan banker installation packages for Android—unique APK files—reaching 255,090 packages in 2025, representing a 271% increase compared to 2024.
This significant growth suggests that Trojan banker malware remains highly profitable for cybercriminals. According to Kaspersky experts, threat actors are likely to continue expanding delivery channels while developing new variants designed to evade detection by cybersecurity solutions. Among the most active malware families detected were Mamont and Creduz.
“Although Trojan bankers for smartphones are currently the fastest-growing type of malware, we have also observed another important trend,” said Anton Kivva, malware analyst team lead at Kaspersky. “Preinstalled backdoors such as Triada and Keenadu are appearing more frequently. In some cases, users may purchase brand-new Android devices that are already infected.”
When malware is embedded directly into the device firmware, it can grant attackers extensive control over smartphones and tablets, potentially exposing all stored data. Removing such threats can be difficult, and users are advised to check for firmware updates and run a full security scan after installing any updates to ensure the system is clean.
To help users stay protected from mobile threats, Kaspersky recommends downloading applications only from official app stores such as the Apple App Store and Google Play, installing reliable security software, reviewing application permissions carefully, and keeping operating systems and apps up to date.