The number of Trojan banker attacks on smartphones surged by 196% in 2024 compared to the previous year, according to a Kaspersky report “The mobile malware threat landscape in 2024”.. Cybercriminals are shifting tactics, relying on mass malware distribution to steal banking credentials. Over the past year, Kaspersky detected more than 33.3 million attacks on smartphone users globally, involving various types of malware and unwanted software.
Read More: Infinix Showcases AI-Driven Solar Energy Innovation at MWC 2025
The number of Trojan banker attacks on Android smartphones increased from 420,000 in 2023 to 1,242,000 in 2024. Trojan banker malware is designed to steal user credentials for online banking, e-payment services and credit card systems.
Cybercriminals trick victims into downloading Trojan bankers by spreading links via SMS or messaging apps, as well as through malicious attachments in messengers, and by directing users to malicious webpages. They can even send messages from a hacked contact’s account, making the fraud appear more trustworthy. To deceive users, attackers often exploit trending news and hype topics to create a sense of urgency and lower victims’ guard.
“Scammers have started to scale down their efforts to create unique malware packages, focusing instead on distributing the same files to as many victims as possible. It is more important than ever to be cyber-literate and educate your loved ones – from children to the elderly – because no one is completely safe from well-crafted scams and psychological tricks designed to steal banking data,” says Anton Kivva, a security expert at Kaspersky.
Although Trojan bankers are the fastest-growing type of malware, they rank fourth overall in terms of the share of attacked users at 6%. The most widespread category remains AdWare, accounting for 57% of attacked users, followed by general Trojans (25%) and RiskTools (12%). The ranking includes malware, adware and unwanted software.
In 2024, cybercriminals launched an average of 2.8 million malware, adware, and unwanted software attacks on mobile devices each month. Over the year, Kaspersky products blocked a total of 33.3 million attacks.
Shahzad Shahid, Policy Advocate and Expert on IT and Digital Economy in Pakistan commented that the alarming rise in mobile banking malware attacks calls for a multi-faceted approach to cybersecurity. Awareness and education are the first lines of defense. The public must be educated on safe digital practices, such as avoiding suspicious links, using multi-factor authentication, and installing security updates regularly. The government should play a proactive role by integrating cybersecurity education into academic curricula, and ensuring strict regulatory measures for financial institutions and digital service providers, he added.
To protect yourself from mobile threats, Kaspersky recommends downloading apps from official stores like the Apple App Store and Google Play is not always risk-free. To stay safe, always check app reviews and download numbers when possible, use only links from official websites, and install reliable security software, like Kaspersky Premium, that can detect and block malicious activity if an app turns out to be fraudulent.
Learn more about the mobile malware threat landscape in 2024 on Securelist.
