India has emerged as the most affected country globally in terms of mobile cyber threats, accounting for 26 per cent of all mobile malware attacks worldwide, according to a latest study released by the Future Crime Research Foundation. The findings place India ahead of the United States and Canada, underscoring growing vulnerabilities in the country’s fast-expanding digital ecosystem.
The study, titled “2025 Mobile, IoT and Operational Technology Threat Landscape Report,” analysed over 20 million mobile security incidents recorded during 2024–25 across multiple geographies. The data shows that the United States accounted for 15 per cent of global mobile malware activity, followed by Canada at 14 per cent, while India topped the list with the highest share of detected threats.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Android Malware Sees 67% Year-on-Year Growth
The analysis highlights a steep escalation in Android-based malware, registering a 67 per cent increase compared to the previous year. Cybersecurity researchers attribute the surge primarily to the rapid proliferation of spyware and banking trojans, both of which are designed to extract sensitive personal and financial information from compromised devices.
Spyware applications typically operate covertly, harvesting call records, messages, location data and device activity without user awareness. Banking malware, meanwhile, targets digital payment platforms, online banking credentials, Unified Payments Interface (UPI) details and mobile wallets, directly exposing users to financial fraud.
Mobile Threat Activity in India Rises 38%
According to the report, mobile threat activity in India rose by 38 per cent year-on-year, reflecting the scale at which cybercriminal networks are exploiting the country’s vast smartphone user base. Analysts note that India’s accelerated digital adoption — driven by affordable smartphones, low-cost mobile data and widespread use of app-based services — has significantly expanded the attack surface for threat actors.
The report also flags comparatively low cybersecurity awareness levels, particularly in rural and semi-urban areas, as a contributing factor. Many users, it notes, remain unaware of basic digital hygiene practices such as permission management, app verification and software updates.
Malicious Apps Detected on Official App Stores
Raising further concern, the study found that official app distribution platforms are not immune to abuse. Researchers identified 239 malicious applications hosted on the Google Play Store that were collectively downloaded more than 42 million times before detection and removal.
These applications often disguise themselves as photo-editing tools, utility apps, casual games or financial services, luring users into installation. Once active, they engage in unauthorised data collection, background surveillance and credential theft, often without triggering immediate red flags.
Red Flags for India’s Digital Economy
Cybersecurity experts warn that the findings pose serious risks for India’s digital economy, where mobile phones are increasingly central to banking, governance services, identity authentication and digital payments. Any large-scale compromise of mobile security systems, they caution, could result in widespread financial losses and extensive data breaches.
Users are being advised to download applications only from trusted developers, scrutinise app permissions, install regular security updates and avoid clicking on suspicious links received via messages or emails.
Call for Stronger Oversight and Awareness
The report stresses that addressing the surge in mobile malware will require coordinated action involving policymakers, technology companies and end users. Strengthening app vetting processes, enhancing real-time threat detection and launching nationwide digital awareness programmes are identified as key measures to curb rising cyber risks.
The findings warn that without timely and sustained interventions, mobile cyber threats in India are likely to intensify further, posing long-term challenges to user safety and the country’s digital infrastructure.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
