Zimperium has released its 2025 Global Mobile Threat Report, showcasing key mobile threat trends from the past year. Researchers from zLabs examined threat data to reveal the growing complexity of attacks and vulnerabilities affecting both mobile devices and applications.
“As organizations globally have embraced mobile to improve both productivity and customer engagement, cybercriminals have taken notice and have transitioned to a mobile-first attack strategy,” said Shridhar Mittal, Chief Executive Officer, Zimperium. “In today’s hybrid work environment, where 70% of organizations support BYOD and actively build mobile apps for both employees and customers, reducing the mobile attack surface requires a comprehensive mobile security strategy covering both mobile devices and mobile applications.”
Mishing – Remains Top Threat Facing Businesses
While most organizations and security teams are well aware of the dangers posed by traditional phishing, threat actors have begun to look at mobile-targeted phishing (Mishing) as an even more vulnerable attack vector due to the unique features of mobile devices and a lower state of vigilance from both users and organizations. The zLabs researchers found a continued surge in mishing attacks with SMS/text based phishing (Smishing) now 69.3% of all mishing attacks. PDF phishing has also emerged as a new attack method. Notably, the Global Mobile Threat report reveals that vishing (voice-call phishing) and smishing attacks on mobile devices have risen dramatically (28% and 22%, respectively).
Mobile Malware – Cybercriminals’ Continued Weapon of Choice
Malware continues to be the weapon of choice of cybercriminals and advanced persistent threats. zLabs observed a 50% increase year-over-year in use of Trojans in attacks with new banker trojan families discovered including: Vultur, DroidBot, Errorfather and BlankBot. Spyware was categorized as top category in 2024 which is not surprising given the ability to exfiltrate data, including credentials and even one-time-passwords from victims without their knowledge.
Despite Rising Awareness, Mobile App Compromise Continues
The apps downloaded by unsuspecting users can lead to serious consequences if they are not properly assessed for threats, including leakage of sensitive data, as well as trojans for delivering malware, particularly if they have not been downloaded from an official app store. The danger to work apps and data that are on the same device as a compromised app is a substantial risk to organizations.
Likewise, internally developed mobile apps used by customers, suppliers or employees may still lack basic defenses, leaving them vulnerable to reverse engineering, tampering, and exploitation. With over 50% of devices running outdated or compromised operating systems, even well-protected apps are exposed without proper device attestation.
“The research shows that bad actors targeting mobile devices and apps are constantly evolving their tactics, evading detection, often going unnoticed by enterprises,” said Kern Smith, Vice President, Global Solutions Engineering, Zimperium. “To effectively navigate this evolving mobile threat landscape, enterprises need to have real-time threat visibility and comprehensive protection. Adopting a holistic approach that takes into account the entire mobile ecosystem is vital to stay ahead of bad actors looking to exploit enterprises’ sensitive data and operations.”
Methodology
To develop the findings in this year’s report, Zimperium analyzed anonymized data from mobile devices protected by its Mobile Threat Defense solution and applications scanned by its app analysis engine. The insights are based on threat and risk telemetry collected over the past year across a global population of iOS and Android devices.
To access the full 2025 Global Mobile Threat Report—which includes in-depth analysis of mobile app vulnerabilities, device risks, and supply chain threats—click here. The report provides actionable insights to help organizations strengthen their mobile security strategy in today’s evolving threat landscape.
Related News:
Zimperium Warns: Rooting & Jailbreaking Remain Major Security Threats
Zimperium Leads Expansion of the World’s Top Mobile Security Platform
