India remains biggest target for mobile malware attacks worldwide, report claims

phone

• India faced 26 percent of global mobile malware attacks, highest worldwide
• Mobile threats in India up 38% year-on-year due to app and device use.
• Retail, hospitality, and manufacturing sectors in India were most targeted

Did our AI summary help?

India has once again emerged as the most targeted country for mobile malware attacks, according to the latest ThreatLabz 2025 Mobile, IoT, and OT Threat Report released by Zscaler. The report paints a worrying picture of how cyber attackers are increasingly focusing on smartphones, connected devices, and critical infrastructure, especially in fast-digitising markets like India.

According to the findings, India accounted for 26 percent of all mobile malware attacks globally, making it the biggest target worldwide. The US followed at 15 percent, while Canada stood at 14 percent. What stands out is the sharp rise in attacks. India saw a 38 percent year-on-year jump in mobile threats, driven largely by the growing use of mobile apps, digital payments, and connected devices across everyday life.

One of the biggest concerns highlighted in the report is the scale at which malicious apps are slipping into trusted app stores. Zscaler researchers found 239 harmful Android apps hosted on the Google Play Store, which together were downloaded over 42 million times. Many of these apps were disguised as productivity or workflow tools, a tactic that plays on users’ trust, especially in hybrid and remote work environments where phones are used for both personal and professional tasks. Overall, Android malware activity rose 67 percent compared to last year, with spyware and banking malware remaining key threats.

The report also sheds light on which sectors are being targeted the most in India. Retail and wholesale businesses were hit hardest, accounting for 38 percent of attacks, followed by hospitality, restaurants, and leisure at 31 percent. Manufacturing and energy-related sectors were also affected. These industries rely heavily on connected systems and IoT devices, making them attractive targets for attackers looking to cause maximum disruption.

When it comes to IoT threats, the US remains the global hotspot, accounting for 54 percent of all IoT malware activity. India ranked fourth with 5 percent. In India, backdoor and botnet-style malware dominated, with one malware family alone accounting for the vast majority of detected cases.

“India’s challenge is stark with rapid digitisation across UPI, super apps, and a growing IoT footprint, which makes the country a high-value target,” said Suvabrata Sinha, CISO in Residence at Zscaler. He added that organisations need to move towards a Zero Trust approach that verifies every user and device continuously.

The report also flagged newer threats, including malware that has infected millions of Android TV boxes, largely in India, and a new remote access tool targeting job seekers in the oil and gas sector. Attackers are also moving away from card-based fraud and focusing more on mobile payments.

“Attackers are going where the impact is highest,” said Deepen Desai, EVP and Chief Security Officer at Zscaler. “With massive growth in mobile and IoT attacks, organisations need stronger, AI-driven security to stay ahead.”

The overall message is clear. As India’s digital ecosystem grows, so does its appeal to cybercriminals, making stronger mobile and IoT security more critical than ever.