Watch out, these malicious Android apps have been downloaded 42 million times - and could leave you seriously out of pocket

• Android malware downloads reached alarming levels, with millions exposed through trusted apps
• Attackers shifted aggressively toward mobile payments using social-engineering
• Energy sector attacks surged dramatically, but IoT and routers are also hit

A growing surge in mobile and IoT security incidents is exposing persistent weaknesses in systems that billions rely on for work, payments, and communication, new research has claimed.

Zscaler identified 239 malicious Android apps on Google Play which collectively had been downloaded 42 million times.

These apps are often presented as routine productivity or workflow tools that are trusted by hybrid workers, with the findings also showing a move away from card-focused fraud toward mobile payment abuse through phishing, smishing, SIM-swapping, and related social engineering channels.

Rising mobile compromise

Zscaler reports a 67% year-over-year increase in Android malware transactions, driven by spyware, banking trojans, and increasingly dominant adware campaigns.

Adware now represents 69% of all detections, while the “Joker” family has dropped to 23%, indicating a shift in how attackers seek to monetize mobile access.

High-value industries remain central targets, with the energy sector recording a 387% increase in attack attempts compared to last year.

Manufacturing and transportation continue to face a large volume of IoT threats, accounting for more than 40% of observed malware activity in that category.

IoT attacks remain dominated by Mirai, Mozi, and Gafgyt, which together account for roughly 75% of malicious payloads.

This trend is reflected in the continued targeting of routers, which also represent 75% of all IoT attacks and remain the primary devices compromised for botnet building and proxy activity.

Mobile attack activity continues to cluster in a small group of countries.

India remains the top target for mobile malware, receiving 26% of observed attacks, followed by the United States at 15% and Canada at 14%.

In IoT environments, the United States remains the most targeted country, receiving 54.1% of all malicious traffic.

Malware such as the “Android Void” backdoor has infected at least 1.6 million Android TV boxes, primarily in India and Brazil.

This shows the impact of outdated firmware and widespread adoption of low-cost devices.

Zscaler also points to ongoing adaptations in families such as “Anatsa” and “Xnotice,” which continue to refine techniques for financial theft and regional targeting.

“Attackers are pivoting to areas with maximum impact... A Zero Trust everywhere approach, combined with AI-powered threat detection, is imperative to reducing the attack surface, limiting lateral movement, and providing organizations the defense they need against ever-evolving attacks,” said Deepen Desai, EVP and Chief Security Officer at Zscaler.

How to stay safe

• Keep your device updated and install new security patches promptly.
• Use a trustworthy antivirus app from a reputable publisher.
• Enable ransomware protection features when they are available on your device.
• Run periodic malware removal scans to check for hidden or dormant threats.
• Avoid installing unnecessary apps, even if they appear in familiar categories.
• Review app permissions carefully and deny access that is not essential.
• Keep Google Play Protect enabled and run manual scans regularly.
• Avoid downloading apps from links in messages, job portals, or social media.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.