The Zscaler ThreatLabz 2025 Mobile, IoT & OT Threat Report reveals an alarming escalation in cyber threats targeting the devices that power modern business operations. With mobile malware surging and IoT vulnerabilities expanding, organizations face an increasingly sophisticated attack landscape.
Android Under Siege
Android malware transactions skyrocketed 67% year over year, driven primarily by banking trojans and spyware. The scale is staggering: 239 malicious Android applications infiltrated the Google Play Store and were downloaded 42 million times. Adware now dominates the threat landscape at 69%, displacing the Joker malware family that led last year.
Attackers are exploiting the Tools category—apps workers rely on for productivity—making hybrid work environments particularly vulnerable. Banking malware like Anatsa, Ermac, and TrickMo continues to evolve, now targeting over 831 financial institutions globally through sophisticated overlay attacks and abuse of accessibility services.
The IoT Threat Multiplies
IoT malware remains concentrated among three dominant families: Mirai, Mozi, and Gafgyt, which collectively account for 75% of all malicious payloads. Routers bear the brunt of attacks, accounting for 76% of targeted devices, primarily through command-injection vulnerabilities that allow attackers to execute unauthorized commands and expand botnets.
Geographically, the United States absorbs 54% of IoT attacks, though Hong Kong (15%), Germany (7%), and India (5%) are emerging as significant hotspots. This geographic diversification signals evolving attacker strategies across global infrastructure.
Industries in the Crosshairs
Manufacturing and Transportation sectors each account for 20% of IoT attacks, jointly bearing 40% of the total threat burden. However, the most dramatic increases occurred elsewhere: Arts & Entertainment saw a shocking 1,862% surge, Education 861%, and Finance & Insurance 702%.
The Energy sector witnessed a devastating 387% increase in attacks, underscoring the critical vulnerability of infrastructure systems. Healthcare attacks rose 225%, driven by the value of sensitive patient data and the sector’s operational necessity.
India leads mobile attack targets with 26% of activity, followed by the United States (15%) and Canada (14%). The Android Void malware alone infected 1.6 million Android TV boxes, demonstrating how consumer devices can serve as attack vectors.
Emerging Tactics
Threat actors increasingly leverage “mishing”—mobile-specific phishing through SMS, QR codes, and voice calls—to compromise devices. Malware developers employ sophisticated evasion techniques, including malformed ZIP files and extended XML manipulation, to bypass detection systems.
The report emphasizes that cellular-connected IoT devices create shadow attack surfaces with inadequate visibility and control. Many organizations mistakenly believe cellular connectivity provides inherent security, leaving critical vulnerabilities unaddressed.
With projections estimating 4 billion cellular-connected IoT devices by 2030, the report underscores the urgent need for zero-trust architectures, AI-driven threat detection, and comprehensive network segmentation to defend against these converging threats.
