Spyware Spikes, Smishing Explodes
Spyware is climbing fast, with a 147% increase in 2025. These apps often appear useful on the surface but secretly gather personal data. Malwarebytes flagged February and March as high-alert months when spyware activity jumped to nearly four times the baseline.
Even more alarming, smishing (phishing via SMS) grew by 692% between April and May. These messages often mimic official alerts during busy times like tax season or holiday travel. A single tap on a link can open the door to stolen credentials or remote control of the phone.
Criminals Now Use Apps That Look Legit
Malwarebytes found that banking trojans and spyware are overtaking basic nuisances like adware. Many threats now hide inside apps that seem trustworthy. Fake loan services, for example, offer low-interest promises with no credit checks. But once installed, they siphon off data or push users to fraudulent payment sites. These loan scam apps surged in May and are likely to keep circulating.
The techniques are evolving too. Attackers are using AI to write more convincing messages, making fake texts harder to spot. Some schemes now arrive as PDF attachments, disguised as bills or forms, which infect the device when opened.
Older Devices Still Running Unpatched Software
One major weakness lies in outdated Android systems. Malwarebytes estimates over 30% of Android devices still run older software versions, which don’t receive security patches. That leaves them exposed to known flaws that newer systems have already fixed.
Another issue comes from counterfeit or gray-market phones. Some of these arrive with malware already installed. Users may not realize their device is compromised until personal data starts leaking or banking apps behave oddly.
From Quick Scams to Built-Out Operations
The report suggests that these aren’t one-off attempts. Cybercriminals are building ecosystems—interconnected tools, tactics, and apps that feed off each other. They rely on scale and the assumption that mobile users trust their phones more than they should.
In short, mobile threats now resemble enterprise-level operations. They aim to make money from everything a phone can reveal: passwords, bank access, personal habits, location, and more.
How to Stay Ahead of Android Threats
Google Play Protect helps block known threats, but it can’t catch everything. Users need to be proactive with basic security steps:
Download from official sources. Stick to the Google Play Store when installing apps. Third-party sources are riskier and often bypass Google’s security checks.
Review app permissions. Think twice if a new app asks to read messages or display content over other apps. These permissions are often abused to steal passwords or intercept text codes.
Deny notification access unless necessary. Scammy ad networks push pop-ups through notifications. Blocking this access can stop those annoyances before they start.
Keep software updated. If your phone is eligible for updates, install them right away. They often patch serious holes that criminals are already exploiting.
Use a trusted mobile security app. Good antivirus software for Android can flag suspicious apps, detect spyware, and block dangerous links.
Mobile devices are deeply connected to people’s financial and digital lives. Treating their security like an afterthought leaves users open to real damage. Malwarebytes’ data shows that attackers have stopped improvising. Now, they’re planning, adapting, and expanding.
Notes: Image: DIW-Aigen. This post was edited/created using GenAI tools.
Read next:
• Personal AI: How OpenAI Employees Turn to ChatGPT for Small, Daily Decisions
• AI-Powered Cyber Attacks Are Escalating, But Most IT Teams Aren’t Ready
