Image by Rami Al-zayat, from Unsplash
Android Malware Up 151% As Mobile Cybercrime Becomes More Organized
Reading time: 2 min
Last Updated: Jul 2, 2025
-
![Kiara Fabbri]()
-
![Sarah Frazier]()
Fact-Checked by Sarah Frazier Content Manager
Android users face a 151% spike in mobile malware as attackers shift to smarter, large-scale scams exploiting outdated software and user trust.
In a rush? Here are the quick facts:
- Spyware incidents increased 147%, peaking in February and March.
- SMS-based malware spiked 692% between April and May.
- Over 30% of Android devices run outdated, unpatched systems.
Mobile malware targeting Android users has surged 151% in the first half of 2025, according to new data from Malwarebytes. Security researchers warn that this isn’t just a spike, it’s the start of a new, more organized era of mobile threats.
Spyware, which collects data without user consent, rose by 147%, especially in February and March. Even more alarming is a 692% jump in SMS-based malware between April and May, likely driven by tax scams and fake toll fee messages, as noted by Malwarebytes.
“These numbers show attackers are scaling up,” said Shahak Shalev, Sr. Director at Malwarebytes. “Attackers are moving beyond simple scams to building sustainable criminal enterprises. They’re playing the long game now—developing monetization strategies for every type of data they can harvest.”
Malwarebytes explains that one major threat, SpyLoan, offers fake loans with attractive terms to trick people into sharing private info. Banking Trojans, fake financial tools, and “updates” hiding malware are now more common than traditional adware. Many are being distributed through both official and unofficial app stores.
Shalev added, “The February spike shows this isn’t random, it’s methodical business development in the cybercrime space”
Malwarebytes says that a big part of the problem is outdated software. More than 30% of Android devices still run old operating systems that can’t get security patches. Others, especially cheap or fake phones, come preloaded with malware.
To protect yourself, only download apps from the Google Play Store, check app permissions carefully, and avoid enabling features like “Display over other apps.” Google Play Protect offers built-in defense, but it’s not foolproof.
What’s happening isn’t random, it’s organized. Shalev concluded saying, “The Android threat landscape has matured into a network of monetization schemes that thrive on scale, persistence, and user trust. Attackers aren’t just after quick wins—they’re building operations that last.”
Previous Story
Latest articles 
