Threat Category: Mobile threats

SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users’ galleries.

The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.

A comprehensive historical breakdown of Zanubis’ changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.

Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.

The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software.

Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.

Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail.

The Mamont banking trojan is spreading under the guise of a parcel-tracking app for fake stores claiming to offer goods at wholesale prices.

The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps.

Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.

Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.

Kaspersky experts have discovered a new version of the Necro Trojan, which has attacked tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.

The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware.

Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2.

Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Mobile threats

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

IT threat evolution in Q1 2025. Mobile statistics

Zanubis in motion: Tracing the active evolution of the Android banking malware

Triada strikes back

Mobile malware evolution in 2024

Take my money: OCR crypto stealers in Google Play and App Store

No need to RSVP: a closer look at the Tria stealer campaign

Download a banker to track your parcel

IT threat evolution in Q3 2024. Mobile statistics

Scammer Black Friday offers: Online shopping threats and dark web sales

Сrimeware and financial cyberthreats in 2025

How the Necro Trojan infiltrated Google Play, again

IT threat evolution in Q2 2024. Mobile statistics

LianSpy: new Android spyware targeting Russian users

Mandrake spyware sneaks onto Google Play again, flying under the radar for two years

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails