ACCORDING to Kaspersky Security Network, the mobile threat landscape in 2025 saw more than 14 million attacks involving malware, adware or unwanted mobile software blocked, with adware accounting for 62% of detections and over 815,735 new unique installation packages observed, including 255,090 mobile banking Trojan installations. In total, Kaspersky solutions blocked 14,059,465 attacks that year, while the number of installation packages declined from the previous year.
Notable developments included the Keenadu preinstalled backdoor discovered in Q4 2025, which is injected into device firmware during manufacturing and can inflate ad views, hijack search queries and be updated remotely. The LunaSpy Trojan, disguised as antivirus software, exfiltrates passwords and credentials, SMS messages, call logs and can record audio and video, primarily targeting users in Russia.
Additionally, the Kimwolf IoT botnet targets Android TV boxes, enabling DDoS actions and acting as reverse proxies, with some devices used as residential proxies by third parties. The report notes a shift toward more Trojan-Banker and Trojan-Spy activity alongside a continued presence of adware.