India: Mobile Attack Threats Surge 38%, Top Continues Target

India is grappling with an unprecedented surge in mobile malware attacks. The latest Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report reveals a staggering 38% increase in threats compared to the previous year.

The country has solidified its position as the global epicenter for mobile attacks, accounting for 26% of all mobile malware traffic worldwide, surpassing traditional targets like the United States at 15% and Canada at 14%.

This alarming trend reflects the growing vulnerability of the nation’s digital landscape as threat actors systematically target the country’s expanding mobile ecosystem.

The research reveals that hundreds of malicious applications have infiltrated trusted platforms, with 239 malicious apps discovered on the Google Play Store alone, collectively downloaded over 42 million times.

These applications employ sophisticated disguises, masquerading as legitimate productivity and workflow tools that appeal to users engaged in hybrid and remote work environments.

The attackers deliberately target the “Tools” category to exploit user trust in functionality-driven applications, capitalizing on the integration of mobile devices into professional workflows.

This represents a 67% year-over-year increase in Android malware transactions, underscoring the escalating risks posed by spyware and banking malware to the Indian user base.

Zscaler analysts identified that threat actors are strategically focusing on high-value industries where the potential for maximum impact is greatest.

Retail and Wholesale businesses emerge as the primary targets with 38% of attacks, followed closely by Hospitality, Restaurants and Leisure sectors at 31%. Manufacturing environments face 16% of attacks, while Energy, Utilities, and Oil & Gas operations experience 8% of the targeting.

This concentration in consumer-facing and operations-heavy environments reveals attackers’ focus on high-transaction and high-dependency deployments that can yield significant financial gains or operational disruption.

Infection Mechanism and Persistence Tactics

The malware landscape in India is dominated by backdoor and botnet-style families that establish persistent access to compromised devices. The IoT.Backdoor.Gen.LZ family leads detections at 85%, followed by ABRisk.IOTX at 8% and IoT.Exploit.CVE.2020.8195 at 1%.

These malware families operate through layered injection techniques, where initial payloads download secondary modules that establish command-and-control communications.

The backdoor mechanisms allow attackers to maintain long-term access while remaining dormant, activating only when receiving specific commands from remote servers.

This persistence strategy enables threat actors to exfiltrate sensitive data gradually while avoiding immediate detection.

The widespread adoption of these families demonstrates attackers’ commitment to establishing robust infrastructure for sustained operations across Indian infrastructure and consumer devices.

Security experts emphasize that organizations must implement comprehensive Zero Trust architectures combined with continuous traffic inspection and mobile threat defense integration to effectively counter these sophisticated attacks and protect their users and critical systems from compromise.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.