India has emerged as the biggest target for mobile malware, with over 42 million installs of malicious Android apps on the Google Play Store, according to a new report by cloud security firm Zscaler. The findings, published in the ThreatLabz 2025 Mobile, IoT, and OT Threat Report, highlight a sharp rise in mobile cyberattacks between June 2024 and May 2025, and warn that Indian users are at the highest risk globally.
239 malicious apps found on Google Play
Zscaler says it identified 239 malicious apps masquerading as everyday productivity tools. Many were listed under the “Tools” category, posing as workflow utilities, file managers, or performance boosters, helping them bypass user suspicion and accumulate downloads.
These apps collectively crossed 4 crore installs, before Google removed the flagged titles. Researchers say attackers exploited the ongoing hybrid-work trend, targeting users who rely on mobile devices for professional tasks.
Mobile malware soars 67%
The report notes a 67% surge in Android malware transactions year-over-year. Spyware and banking trojans remain the biggest threats, with attackers shifting away from card-based fraud toward mobile payment theft and device-level surveillance.
India remains the most impacted country, followed by Indonesia and Brazil.
India: the top target for mobile attacks
India accounted for a massive 26% of all global mobile attacks, marking a 38% increase compared to the previous year. With one of the world’s largest Android user bases, and rapid adoption of UPI-based digital payments, attackers see India as a high-reward environment.
Meanwhile, the United States continues to face the highest volume of IoT attacks, while Hong Kong takes second place.
Critical sectors at risk
Zscaler’s report also highlights a sharp escalation in cyberattacks on key industries:
Energy sector: Saw a staggering 387% rise, putting critical infrastructure at unprecedented risk.
Manufacturing & transportation: Together made up more than 40% of all IoT malware incidents, making them primary targets for device-level infiltration.
What users should do
While Google has removed many malicious apps, millions of devices may still be compromised. Security researchers urge users to:
-Delete unknown or suspicious utility apps
-Avoid installing apps outside the Play Store
-Keep devices updated
-Enable Google Play Protect
-Use trusted mobile security tools
With attackers increasingly exploiting India’s massive Android ecosystem, vigilance remains the only effective defence.
