Mobile Banking Malware Surge and Supply Chain Vulnerabilities Examined in New Report

The Kaspersky report paints a stark picture of the mobile threat landscape. In 2025, detections of Android banking trojans climbed 56 percent year‑over‑year, while the number of unique malicious APKs exploded by 271 percent to more than 255 k. Threat actors are increasingly using messaging platforms and compromised web pages to deliver payloads, and pre‑installed firmware backdoors such as Triada are surfacing in brand‑new devices. These vectors give criminals near‑full control of a phone, enabling credential theft from banking apps, payment services, and credit‑card accounts.

On the enterprise side, supply‑chain compromises have eclipsed ransomware as the most common incident. Kaspersky’s survey of 1,714 security professionals shows 31 percent of firms experienced a supply‑chain breach in the past year, a figure that jumps to 36 percent for organizations with over 2,500 employees. Companies typically manage around 100 suppliers and grant access to more than 130 contractors, dramatically expanding the attack surface. Regions such as Mexico, China and Spain report exposure rates above the global average, underscoring the worldwide nature of the risk.

Mitigating these intertwined threats requires an ecosystem‑wide approach. Kaspersky advises adopting zero‑trust architectures, continuous monitoring with extended detection and response tools, and embedding security clauses into vendor contracts. Rigorous supplier vetting, regular audits, and rapid incident‑response playbooks that isolate compromised partners can shrink the breach window. As mobile devices become primary banking channels and supply chains grow ever more complex, organizations that integrate these controls into their core security strategy will be better positioned to protect both consumer data and corporate assets.