ISLAMABAD: A cybersecurity company on Thursday revealed that the number of Trojan banker attacks on Android smartphones increased by 56 percent in 2025 compared to the previous year. According to this type of malware is designed to steal user credentials for online banking, e-payment services and credit card systems. Cybercriminals commonly distribute Trojan bankers through messaging apps, as well as through malicious webpages. The number of new Trojan banker installation packages for Android (unique APK files) also increased sharply, reaching 255,090 packages – a 271 percent increase over 2024. This may indicate that these tools generate substantial profit for cybercriminals. Kaspersky experts believed that threat actors will continue both to expand delivery channels and develop new Trojan variants trying to evade detection by security solutions. Among all detected Trojan bankers, the leading families were Mamont and Creduz. “Although Trojan bankers for smartphones are the fastest-growing type of malware, we also observed another important trend: preinstalled backdoors such as Triada and Keenadu appeared more frequently compared to previous years. People purchase a completely new, but infected, Android devices and may be unaware of the threat. Once integrated into the firmware fully functional preinstalled backdoors provide attackers with unlimited control over the victims’ smartphones and tablets. As a result, all information on infected devices can be compromised. It’s quite difficult to remove such malware. If the device is infected, we recommend users check for firmware updates. After the update, run a scan of the device with a security solution again to make sure newly installed firmware is not infected,” comments Anton Kivva, malware analyst team lead at Kaspersky. Copyright Business Recorder, 2026