Malicious Android Apps on Google Play Downloaded 42 Million Times

Key Highlights

  • Malicious Android apps on Google Play downloaded 42 million times between June 2024 and May 2025.
  • Growth in malware targeting mobile devices was 67% year-over-year, with spyware and banking trojans being prevalent risks.
  • The transition to attacks based on social engineering is explained by improved security standards and the wide adoption of mobile payments.
  • Adware now accounts for roughly 69% of all detections in the Android ecosystem, a significant increase from last year.

Malicious Apps on Google Play: A Growing Threat

A recent report by cloud security company Zscaler reveals that hundreds of malicious Android apps were downloaded more than 40 million times between June 2024 and May 2025 from the official Google Play store. This alarming statistic highlights a significant rise in cybercrime targeting mobile devices, with malware posing a growing threat to users.

The report notes that spyware and banking trojans are among the most prevalent risks observed during this period. The growth in malware targeting mobile devices was 67% year-over-year, indicating a substantial increase in cyberattacks on Android users. This trend is attributed to several factors, including improved security standards such as chip-and-PIN technology and the widespread adoption of mobile payments, which have made traditional card fraud less effective for cybercriminals.

Shift from Card Fraud to Social Engineering

To adapt to these new security measures, threat actors are increasingly deploying phishing trojans and malicious apps designed to steal financial information and login credentials. According to Zscaler, the transition towards attacks based on social engineering is driven by the effectiveness of such tactics in circumventing advanced security protocols.

Rise of Adware: A Prominent Threat

Another significant trend highlighted in the report is the rise of adware as a prominent threat within the Android ecosystem. Adware now accounts for roughly 69% of all detections, almost double from last year. This shift underscores the evolving nature of cyber threats and the need for users to remain vigilant against various forms of malware.

Zscaler has identified several notable malware families, including Anatsa, a banking trojan that continues to evolve with new capabilities and regions targeted. The latest variant of Anatsa can steal data from over 831 financial organizations, cryptocurrency platforms, and is now active in Germany and South Korea.

Geographic Impact: India, US, Canada Among Top Targets

The geographic impact of these cyberattacks is significant, with India, the United States, and Canada receiving 55% of all attacks. Additionally, Zscaler observed massive spikes in attacks targeting Italy and Israel, ranging from 800% to 4000% year-over-year increases.

India also saw a notable surge in malware targeting Android TV boxes via the Android Void (Vo1d) backdoor malware, which has infected at least 1.6 million devices running outdated versions of the Android Open Source Project (AOSP).

Defense Strategies and Future Implications

To defend against these evolving threats, Zscaler advises users to apply security updates, only trust reputable publishers, reject/disable Accessibility permissions, avoid downloading non-essential apps, and regularly run Play Protect scans. For organizations, the report recommends implementing zero-trust technology for critical networks and hardening IoT and cellular gateways by monitoring for anomalies and adding protections at the firmware level.

As the use of mobile payments becomes more widespread, the threat landscape is likely to continue evolving, necessitating ongoing vigilance and proactive measures from both users and organizations alike. The industry context suggests that while the number of attacks may fluctuate, the sophistication and adaptability of cybercriminals will remain a persistent challenge.