The number of Trojan banker attacks on smartphones surged by 196% in 2024 compared to the previous year, according to a Kaspersky report “The mobile malware threat landscape in 2024” released at Mobile World Congress 2025 in Barcelona. Cybercriminals are shifting tactics, relying on mass malware distribution to steal banking credentials. Over the past year, Kaspersky detected more than 33.3 million attacks on smartphone users globally, involving various types of malware and unwanted software.
The number of Trojan banker attacks on Android smartphones increased from 420,000 in 2023 to 1,242,000 in 2024. Trojan banker malware is designed to steal user credentials for online banking, e-payment services and credit card systems.
Cybercriminals trick victims into downloading Trojan bankers by spreading links via SMS or messaging apps, as well as through malicious attachments in messengers, and by directing users to malicious webpages. They can even send messages from a hacked contact’s account, making the fraud appear more trustworthy. To deceive users, attackers often exploit trending news and hype topics to create a sense of urgency and lower victims’ guard.
“Scammers have started to scale down their efforts to create unique malware packages, focusing instead on distributing the same files to as many victims as possible. It is more important than ever to be cyber-literate and educate your loved ones – from children to the elderly – because no one is completely safe from well-crafted scams and psychological tricks designed to steal banking data,” says Anton Kivva, a security expert at Kaspersky.
Although Trojan bankers are the fastest-growing type of malware, they rank fourth overall in terms of the share of attacked users at 6%. The most widespread category remains AdWare, accounting for 57% of attacked users, followed by general Trojans (25%) and RiskTools (12%). The ranking includes malware, adware and unwanted software.
In 2024, cybercriminals launched an average of 2.8 million malware, adware, and unwanted software attacks on mobile devices each month. Over the year, Kaspersky products blocked a total of 33.3 million attacks.
In 2024, Fakemoney, a group of scam apps designed for fake investments and payouts, was the most active threat. Another major concern was modified versions of WhatsApp that contained the Triada-type Trojan, malware that can download and execute additional malicious or adware modules, for example, to display advertisements or perform other unwanted actions. These unofficial WhatsApp mods ranked third in activity, just behind a general category of cloud-based generic threats.
Learn more about the mobile malware threat landscape in 2024 on Securelist.
To protect yourself from mobile threats, Kaspersky shares the following recommendations:
- Downloading apps from official stores like the Apple App Store and Google Play is not always risk-free. Kaspersky recently discovered SparkCat, the first screenshot-stealing malware to bypass the App Store's security. The malware was also found on Google Play, with a total of 20 infected apps across both platforms, proving that these stores are not 100% foolproof. To stay safe, always check app reviews and download numbers when possible, use only links from official websites, and install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.
- Check the permissions of apps that you use and think carefully before granting an app a permission, especially when it comes to high-risk permissions such as Accessibility Services. For example, the only permission that a flashlight app needs is the flashlight (which doesn’t even involve camera access).
- A good piece of advice is to update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.