Global banking trojan attacks on smartphones surge 196%

By Luu Quy March 11, 2025 | 12:55 am PT

Cybercriminals are focusing on mass distribution of a single, highly dangerous malware variant—Trojan bankers—rather than deploying multiple types of malicious software, according to cybersecurity firm Kaspersky.

A report released by Kaspersky at Mobile World Congress 2025 in Barcelona revealed that Trojan bankers attacks on smartphones soared by 196% in 2024.

These are designed to steal login credentials for online banking, e-payment services and credit card accounts. Hackers trick victims into downloading Trojan bankers by spreading malicious links through SMS, messaging apps and email attachments. Some attacks originate from compromised contacts, making the fraud appear more credible. Cybercriminals also exploit trending news and viral topics to create urgency, lowering victims’ defenses.

Kaspersky reported detecting and blocking over 33.3 million attacks on smartphone users worldwide in 2024. The number of Trojan bankers attacks on Android devices alone went up from 420,000 in 2023 to 1.24 million.

"Scammers have started to scale down their efforts to create unique malware packages, focusing instead on distributing the same files to as many victims as possible," Anton Kivva, a Kaspersky expert, said.

Fakemoney, a scam app group targeting users with fake investments and payouts, was the most active threat.

A smartphone displaying warning of virus dectection. Photo courtesy of Kaspersky

Modified versions of popular apps like WhatsApp have been found to contain the Triada Trojan, which can download and execute additional malicious software or display intrusive ads.

"It is more important than ever to be cyber-literate and educate your loved ones—from children to the elderly—because no one is completely safe from well-crafted scams and psychological tricks designed to steal banking data," Kivva added.

Despite their rapid growth, Trojans bankers accounted for only 6% of total mobile malware attacks in 2024, ranking fourth in prevalence.

AdWare remained the most widespread type of mobile malware, responsible for 57% of attacks, followed by general Trojans (25%) and RiskTools (12%).

On average, 2.8 million attacks per month targeted mobile devices in 2024, including through malware, adware and unwanted software.

Kaspersky also discovered SparkCat, the first known malware capable of capturing screenshots while bypassing Apple's App Store security.

The malware was also found on Google Play, with a total of 20 infected apps detected across both platforms, highlighting that official app stores are not entirely foolproof.

Kaspersky advises users to be cautious when granting app permissions, especially for high-risk functions such as accessibility services.