The 2025 zLabs Global Mobile Threat Report found 50% of mobile devices are running on outdated operating systems
Key Findings:
- Mobile continues to be the preferred vector for attackers
- Smishing has rapidly grown to comprise over two-thirds of mobile phishing attacks
- Vishing and Smishing tactics grew by 28% and 22%, respectively
- Over 25% of mobile devices can’t upgrade to the latest OS versions
- Over 60% of iOS and up to 34% of Android apps lack basic code protection.
- Nearly 60% of iOS and 43% of Android apps vulnerable to PII data leakage
DALLAS – Zimperium, the global leader in mobile security, today announced the release of its 2025 Global Mobile Threat Report, which highlights critical mobile threat trends from the past year. zLabs researchers analyzed threat data to uncover evolving and complex attacks and vulnerabilities found across both mobile devices and mobile apps.
“As organizations globally have embraced mobile to improve both productivity and customer engagement, cybercriminals have taken notice and have transitioned to a mobile-first attack strategy,” said Shridhar Mittal, Chief Executive Officer, Zimperium. “In today’s hybrid work environment, where 70% of organizations support BYOD and actively build mobile apps for both employees and customers, reducing the mobile attack surface requires a comprehensive mobile security strategy covering both mobile devices and mobile applications.”
Mishing – Remains Top Threat Facing Businesses
While most organizations and security teams are well aware of the dangers posed by traditional phishing, threat actors have begun to look at mobile-targeted phishing (Mishing) as an even more vulnerable attack vector due to the unique features of mobile devices and a lower state of vigilance from both users and organizations. The zLabs researchers found a continued surge in mishing attacks with SMS/text based phishing (Smishing) now 69.3% of all mishing attacks. PDF phishing has also emerged as a new attack method. Notably, the report reveals that vishing (voice-call phishing) and smishing attacks on mobile devices have risen dramatically (28% and 22%, respectively).
Mobile Malware – Cybercriminals’ Continued Weapon of Choice
Malware continues to be the weapon of choice of cybercriminals and advanced persistent threats. zLabs observed a 50% increase year-over-year in use of Trojans in attacks with new banker trojan families discovered including: Vultur, DroidBot, Errorfather and BlankBot. Spyware was categorized as top category in 2024 which is not surprising given the ability to exfiltrate data, including credentials and even one-time-passwords from victims without their knowledge.
Despite Rising Awareness, Mobile App Compromise Continues
The apps downloaded by unsuspecting users can lead to serious consequences if they are not properly assessed for threats, including leakage of sensitive data, as well as trojans for delivering malware, particularly if they have not been downloaded from an official app store. The danger to work apps and data that are on the same device as a compromised app is a substantial risk to organizations.
Likewise, internally developed mobile apps used by customers, suppliers or employees may still lack basic defenses, leaving them vulnerable to reverse engineering, tampering, and exploitation. With over 50% of devices running outdated or compromised operating systems, even well-protected apps are exposed without proper device attestation.
“The research shows that bad actors targeting mobile devices and apps are constantly evolving their tactics, evading detection, often going unnoticed by enterprises,” said Kern Smith, Vice President, Global Solutions Engineering, Zimperium. “To effectively navigate this evolving mobile threat landscape, enterprises need to have real-time threat visibility and comprehensive protection. Adopting a holistic approach that takes into account the entire mobile ecosystem is vital to stay ahead of bad actors looking to exploit enterprises’ sensitive data and operations.”
Methodology
To develop the findings in this year’s report, Zimperium analyzed anonymized data from mobile devices protected by its Mobile Threat Defense solution and applications scanned by its app analysis engine. The insights are based on threat and risk telemetry collected over the past year across a global population of iOS and Android devices.
To access the full 2025 Global Mobile Threat Report—which includes in-depth analysis of mobile app vulnerabilities, device risks, and supply chain threats—click here. The report provides actionable insights to help organizations strengthen their mobile security strategy in today’s evolving threat landscape.
For more information on how Zimperium protects enterprises from mobile threats, visit www.zimperium.com.
About Zimperium
Zimperium is the world leader in mobile security. Purpose-built for mobile environments, Zimperium provides unparalleled protection for mobile applications and mobile devices, leveraging AI-driven, autonomous mobile security to counter evolving threats including mobile-targeted phishing (mishing), mobile malware, mobile app vulnerabilities and compromise, as well as zero-day mobile threats. As cybercriminals adopt a mobile-first attack strategy, Zimperium helps organizations stay ahead with proactive, unmatched protection of the mobile apps that run your business and the mobile devices relied upon by your employees. Headquartered in Dallas, Texas, Zimperium is backed by Liberty Strategic Capital and SoftBank. Learn more at www.zimperium.com and connect on LinkedIn and X (@Zimperium).