Zscaler ThreatLabz unveils 67% increase in Android malware and evolving IoT threats

The 2025 ThreatLabz Mobile, Internet of Things (IoT), and Operational technology (OT) Threat Report published by Zscaler outlined increased cybersecurity threats, focusing notably on mobile malware and IoT attacks. The report identified 239 malicious applications on the Google Play Store, which were collectively downloaded over 42 million times, targeting users searching for productivity and workflow apps. This reflects a year-over-year increase of 67% in Android malware transactions, as threat actors continue to exploit users' trust in commonly used applications.

Critical infrastructure within the energy sector faced a pronounced threat, experiencing a 387% boost in attacks compared to the previous year. Additionally, India ranked as the dominant target for mobile attacks, accounting for 26% of all activity, while the United States represented the primary target for IoT threats with 54% of the observed attacks. Manufacturing and transportation sectors also Self-Adaptive Workflow (SAW) notable target shifts, with both sectors collectively comprising over 40% of total IoT malware incidents.

Analysis revealed that approximately 40% of blocked transactions related to a single family of malware, Mirai. This was complemented by the discovery of a new malicious backdoor infecting Android devices, as well as an increase in remote access Trojan (RAT) targeting job seekers in high-risk industries. In light of these findings, Zscaler emphasized the necessity of employing a Zero Trust approach combined with AI-driven threat detection to safeguard against these evolving security challenges.