We’re all so attached to our phones, looking to scroll, email, text or watch videos, that a new term has emerged: “tech neck.” While we’re watching, talking, texting, and video conferencing, who is watching the phones? In this month’s CYRIN newsletter we will discuss a developing issue — the risks associated with mobile phones. This is an evolving new threat that cybersecurity professionals are beginning to prioritize.
“No one is watching the phones” warns Rocky Cole, former cybersecurity expert at both the National Security Agency and Google and now CEO at iVerify. Cole’s salvo comes from a recent (June 2025) Associated Press article that looks at why and how the security on our mobile phones has become a global cybersecurity concern.
In a March, 2025 CyberPress article, Kaspersky’s latest report on mobile malware revealed a persistent and aggressive threat in the evolving cybersecurity landscape. The statistics speak for themselves: In 2024, the security firm’s products “blocked an alarming 33.3 million attacks involving malware, adware, or unwanted mobile software, which translates to an average of 2.8 million attacks per month. The overwhelming mobile threat – totaling 35% of total detections – stemmed from adware. In that case 1.1 million malicious and potentially unwanted installation packages were reported, with nearly 69,000 associated with mobile banking Trojans.”
The data underscores the diverse threats and methods facing mobile users and CyberPress also noted the emergence of novel attack vectors and distribution methods. Banking Trojans showed a marked increase in activity; the persistence of these banking Trojans suggests a shift in cybercriminal tactics. Attackers seem to be focusing on trying to “distribute existing malware more widely rather than developing new variants.” This might signal a more efficient and targeted approach to hacking mobile devices and compromising financial data, or just a growing persistence to find vulnerabilities before they’re addressed by advanced security tools.
Writing for AP News, David Klepper reports one specific example of how cybercriminals quickly discover new avenues of attack when one vulnerability has been managed. In 2024, cybersecurity investigators noticed a “highly unusual software crash” that seemed to specifically impact smartphones belonging to people who worked in government, politics, tech and journalism. These crashes extended into 2025, leading investigators to believe this sophisticated cyberattack might have allowed hackers to infiltrate a phone without “a single click from the user.” Upon further investigation, the cybersecurity firm iVerify noticed that the victims all worked in areas of interest to the Chinese government and “had been targeted by Chinese hackers in the past.”
This is not a new vulnerability, as groups associated with China’s military and intelligence service “have targeted the smartphones of prominent Americans and burrowed deep into telecommunication networks,” according to national security and tech experts. Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyber defenses.
Mobile phones have become prime targets for cybercriminals for several reasons. For one, they’re everywhere; almost everyone relies on a smartphone for daily tasks, from banking and shopping to social media and work. More importantly, these devices store a wealth of sensitive information, including financial details, personal data, and even medical records. With access to banking apps, emails, and social media accounts, hackers see mobile phones as a goldmine for identity theft and fraud. Many people also put their data at risk by connecting their phones to unsecured networks, ignoring the warnings and assuming their data is safe. Public Wi-Fi, for example, is far less secure than private networks, allowing hackers to intercept sensitive information with ease. But mobile networks can also be compromised. The rise of high speed 5G networks has made for better mobile connections, but sophisticated technology also introduces new security gaps that cybercriminals are eager to exploit. The speed and broad reach of 5G means that threats can spread more quickly and across devices and systems.
As the tactics of cybercriminals evolve, attention has turned to such valuable targets as mobile wallets and digital IDs. Mobile wallets store payment information, and digital IDs hold sensitive personal data; both present opportunities for cybercriminals to steal money and identities and commit fraud. Weaknesses in these systems, combined with vulnerabilities in 5G networks, make robust security for mobile devices more critical than ever.
Mobile malware began by targeting basic features like SMS or contact lists. The sophistication of hackers’ techniques to exploit vulnerabilities and steal data has risen steadily with the increased use of mobile phones. Today, mobile malware can target personal data, passwords, financial information, and even gain control over the device itself. With the rising popularity of online banking, bill pay, and social networking, the rates of mobile malware observed by cybersecurity experts have risen proportionally. Millions of apps are available for download, and it’s easy for users to expose themselves to potential threats without realizing it, especially since malicious apps are often well disguised as legitimate. Mobile malware like viruses, worms, Trojans, adware, and spyware can lead to compromised personal data, financial fraud and/or identity theft, spreading through infected apps, phishing and social engineering, and supply chain exploitation. Mobile malware can have significant consequences for businesses, including operational disruptions, stolen data, and reputational damage.
This issue will not disappear any time soon but will become increasingly complicated. According to a 2024 Zimperium research report, 71% of employees use smartphones for work tasks. Users who engage in sideloading apps (the practice of installing mobile apps on a device that are not from the official app stores) on a device are 200% more likely to become infected with mobile malware.
The meteoric rise of smart phones means we depend on our mobile devices for many activities, including banking and business transactions. The convenience is great, but this increasing dependency on mobile connectivity means the threat of mobile malware has and will continue to escalate. Implementing comprehensive security strategies and enforcing best practices are essential to mitigate risks and protect sensitive data across both personal and professional environments.
As public treasure troves of personal data, Forbes recently predicted that attacks on mobile devices will continue to be one of the biggest cybersecurity trends of 2025.
According to Forbes, cybercriminals are shifting to a “mobile-first attack strategy,” having discovered you are far more likely to fall victim on your phone than a larger device. And given the amount of time we spend on our phones, an “insidious new attack vector — the pairing of social engineering with mobile devices,” is making the threat worse. The use of mobile apps for everything from entertainment to health tracking has skyrocketed, and with it, the difficulty in maintaining secure systems, which in turn raises the risk of digital fraud and identity theft.
The attacks on millions of phones are moving “beyond just traditional banking and payment fraud,” to “more treacherous” mishing (mobile phishing) lures that include “the downloading of malware capable of hijacking OTP (one-time-password) and verification codes. In addition, AI advances have made it even harder to detect a threat on a small screen before tapping. This trend does not look like it is slowing down and as it continues to accelerate, it will increase the demand for continuing innovation in mobile-specific security.
Some of this means new user training and awareness, and strict rules on link and attachment handling. As described in the Forbes piece, “when it comes to account credentials, there are now multiple reasons to shift from SMS to authentication apps or passkeys.” As Microsoft has warned, “we only get safer if legacy login methods are removed. It’s not just a case of providing new ways to secure accounts, it needs the old ways shut down.”
Guardian Digital offers useful tips to protect personal data. It is essential that organizations and individuals take steps to implement security measures, while remaining cognizant of emerging or potential threats. These steps include:
There is more; check out the tips at Guardian Digital.
How does CYRIN training and acumen play a role in all this? Whether it’s creating training for any environment, we have all the tools, including AI, the ability to design digital twins, and above all world-class training.
We continue to work with our industry partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
For educators, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce. In an increasingly digitized world, training and experiential training are critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits.
The best time to plan and prepare is before the attack. Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Our new programs, including Digital Twins, can create real-world conditions for you to practice before you must act. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!