India accounts for 26% of global mobile malware attacks, report finds
In 2025 alone, malicious apps were downloaded more than 40 million times globally. The report identified 239 malicious applications on the Play Store and recorded a 67% year-on-year increase in Android malware transactions.
ADVERTISEMENT
India has emerged as the world’s most affected country for mobile malware attacks, accounting for more than a quarter of global incidents, according to a new report by cloud security firm Zscaler’s ThreatLabz.
The report found that India accounted for 26% of mobile malware attacks worldwide, followed by the United States at 15% and Canada at 14%. Mobile threat activity in India rose 38% in 2025 compared with the previous year, driven by the rapid adoption of digital services and connected devices.
Zscaler ThreatLabz also flagged a sharp rise in malicious applications hosted on the Google Play Store. In 2025 alone, such apps were downloaded more than 40 million times globally. The report identified 239 malicious applications on the Play Store and recorded a 67% year-on-year increase in Android malware transactions.
According to the analysis, the “Tools” category emerged as a key distribution channel, with attackers disguising malware as productivity and workflow applications. The strategy exploits user trust in utility-driven apps, particularly in hybrid and remote work environments where mobile devices play a central role in day-to-day operations.
In India, the most frequently targeted sectors were Retail and Wholesale, which accounted for 38% of attacks, followed by Hospitality, Restaurants and Leisure at 31%. Manufacturing (16%) and Energy, Utilities, Oil and Gas (8%) were also significant targets. The concentration of attacks on consumer-facing and operations-heavy sectors reflects attackers’ focus on high-transaction environments and IoT-dependent operations, the report said.
“India’s challenge is stark with breakneck digitisation across UPI, super apps and a sprawling IoT estate, making the country a high-value target,” said Suvabrata (Suva) Sinha, CISO-in-Residence at Zscaler. He said organisations need to operationalise zero-trust security frameworks, strengthen identity- and device-centric access controls, and embed mobile threat defence into enterprise security policies.
The report also highlighted the emergence of a new backdoor malware, Android Void, which has infected about 1.6 million Android-based TV boxes, primarily in India and Brazil.
