India Remains Top Target for Mobile Attacks as Threats Surge 38%

India’s digital transformation has accelerated faster than many governments anticipated, with UPI payments, super‑apps and a sprawling IoT ecosystem now woven into everyday commerce. This hyper‑connected environment creates a lucrative attack surface, drawing cyber‑criminals who can harvest financial data, spy on users, or disrupt critical services. The sheer volume of malicious Android applications—239 identified and downloaded 42 million times—illustrates how threat actors exploit the trust users place in official app stores, turning everyday tools into vectors for spyware and banking fraud.

The Zscaler ThreatLabz 2025 report paints a granular picture of sector‑specific risk. Retail and wholesale (38%) and hospitality (31%) lead the pack, reflecting the high transaction volume and customer‑facing interfaces that these industries operate. Meanwhile, IoT backdoor families, especially IoT.Backdoor.Gen.LZ, account for 85% of IoT detections, signaling coordinated campaigns against connected devices ranging from smart cameras to industrial controllers. The rise of adware, now responsible for 69% of mobile threats, further complicates defenses, as it blends benign‑looking advertisements with malicious payloads, eroding user confidence and inflating remediation costs.

In response, security leaders are advocating a “Zero Trust everywhere” model, reinforced by AI‑driven threat analytics that can inspect encrypted traffic and identify anomalous behavior in real time. Embedding mobile threat defense into enterprise policies, enforcing device‑centric identity controls, and continuously monitoring IoT endpoints are no longer optional—they are essential to safeguarding India’s digital infrastructure. As the country continues to set the pace for mobile commerce, its approach to cyber resilience will likely become a benchmark for other rapidly digitizing economies worldwide.