Zscaler, Inc., a leading provider of cloud security solutions, recently published the findings of its Zscaler ThreatLabz 2025 Mobile, IoT, and OT Threat Report, outlining how threat actors are leveraging malware attacks and constantly evolving their tactics. The report uncovered hundreds of malicious apps in the Google Play Store that have been downloaded over 40 million times, targeting users that are searching for productivity and workflow apps.
The report found that threat actors are developing and releasing malicious applications targeting trusted marketplaces and hybrid work environments. The result is a 67 percent year-over-year increase in Android malware transactions.
A key distribution channel for this malware was the "Tools" category, disguising malicious applications as productivity and workflow tools. This tactic capitalizes on users' trust in functionality-driven applications–a trust that is particularly strong in hybrid and remote work settings where mobile devices are integral to professional tasks.
Manufacturing Remains a Top Target
ThreatLabz's analysis of Android attack volumes reveals that the Manufacturing and Energy sectors remain prime targets for cybercriminals. Notably, the energy sector experienced a 387 percent increase in attacks compared to the previous year, highlighting an escalating threat to critical infrastructure and greater exploitation of vulnerabilities within these essential industries.
In the IoT landscape, the Manufacturing and Transportation sectors continue to be the most frequently targeted verticals. This year, each sector accounted for 20.2 percent of all observed IoT malware attacks.
Roughly 40 percent of blocked transactions are linked to the Mirai family alone, and Mozi has overtaken Gafgyt as the second highest malware family. Together, Mirai, Mozi, and Gafgyt account for roughly 75 percent of all malicious payloads in IoT environments.
Additional highlights and new findings this year:
- A new Remote Access Trojan (RAT), Xnotice, was identified for targeting job seekers in the oil and gas industry.
- Adware overtook the Joker malware family as the top mobile threat, with a leading 69 percent of cases.
- Threat actors are abandoning card-focused fraud in favor of mobile payments.
