Android Trojan banking malware attacks rise 56% in 2025: report

Attacks involving Trojan banker malware targeting Android smartphones increased by 56 percent in 2025 compared with 2024, according to cybersecurity firm Kaspersky.

Trojan banker malware is designed to steal credentials used for online banking, digital payment platforms and credit card systems. It is typically distributed through messaging apps or malicious websites.

The number of unique Android Trojan banker installation packages (APK files) rose to 255,090 in 2025, a 271% increase compared with the previous year.

Kaspersky said the surge suggests cybercriminal groups continue to generate significant profits from banking malware operations.

The most frequently detected Trojan banker families were Mamont and Creduz.

Researchers also reported a rise in malware embedded directly in smartphone firmware, including backdoors such as Triada and Keenadu.

“Although Trojan bankers for smartphones are the fastest-growing type of malware, we also observed another important trend: preinstalled backdoors such as Triada and Keenadu appeared more frequently compared to previous years,” said Anton Kivva, malware analyst team lead at Kaspersky.

He warned that some Android devices may be sold with malware already installed in the firmware, allowing attackers full access to data stored on affected smartphones and tablets.

Kivva advised users to install firmware updates and scan devices with security software if infection is suspected.