Global cybersecurity company Kaspersky is sounding the alarm on the rising threat of fake mobile apps that disguise themselves as legitimate tools and hijack devices, steal data, and drain funds from unsuspecting users.
These malicious apps, often Trojan bankers, are designed to look and function like legitimate utilities such as mobile banking apps, government service portals, e-wallets, investment platforms, messaging tools, or even basic apps like flashlights. However, once installed, they silently run in the background, often without the user’s knowledge, and can intercept personal data, manipulate transactions, and enable remote access to both personal and financial information.
Trojan banker malware works by posing as real apps or overlaying fake login screens on top of genuine ones. In more advanced cases, attackers can inject malicious code that allows them to remotely control infected devices and conduct unauthorized transactions undetected.
In 2024, cybercriminals increasingly turned their attention to mobile platforms and cryptocurrency assets. Kaspersky’s new Financial Cyberthreats Report showed the number of users encountering mobile banking Trojans rose by 3.6 times in 2024 compared to 2023, while crypto-related phishing detections climbed by 83.4 percent.
“Cybercriminals are constantly refining their tactics, and fake mobile apps have become one of the most effective tools in their arsenal,” said Adrian Hia, managing director for Asia Pacific at Kaspersky. “These apps may seem legitimate, but once downloaded, they’re capable of stealing banking credentials, bypassing security checks, and causing serious financial damage.”
In the Philippines, where mobile-first financial services continue to expand rapidly, users remain highly vulnerable to online scams. Kaspersky recorded 82,565 financial phishing attempts in the first half of 2024, compared with 59,115 in the first half of 2025, underscoring how cybercriminal activity continues to pose a persistent threat despite fluctuations.
Kaspersky also observed that ransomware activity remains a serious concern across Southeast Asia, with slight declines in overall infection rates between the first half of 2024 and the same period in 2025. In the Philippines, ransomware detections dropped marginally from 0.24 percent in H1 2024 to 0.22 percent in H1 2025, signaling ongoing, persistent threat activity.
To help users guard against fake apps and mobile malware, Kaspersky recommends the following:
For Individual Users
- Enable multi-factor authentication (MFA) and use strong, unique passwords for all your accounts to reduce the risk of unauthorized access.
- Avoid clicking on links from suspicious messages, emails, or pop-ups. Always verify the legitimacy of websites before entering your login details or payment information.
- Install a reliable security solution that can detect and block both malware and phishing attempts.
- Download apps only from trusted sources, such as official app marketplaces like Google Play or the Apple App Store. However, keep in mind that even these platforms are not immune to threats. For example, Kaspersky recently discovered SparkCat, the first screenshot-stealing malware to bypass the App Store’s security, which was also found in 20 infected apps on Google Play. Always read app reviews, check developer names, and verify legitimacy before downloading.
- Review app permissions regularly. Be especially cautious with high-risk permissions like Accessibility Services, which can be exploited by malicious apps. Only grant access when absolutely necessary and make sure it aligns with the app’s intended function.
For Businesses
- Ensure all systems and software are updated regularly, particularly applying critical security patches as soon as they become available.
- Equip staff with the knowledge to recognize phishing attempts and follow safe digital practices, such as securing their accounts and devices.
- Deploy robust monitoring tools and endpoint protection to detect and respond to suspicious activity across your network.
- Enforce strict access controls for employees handling financial transactions or sensitive data. Consider implementing “default deny” policies and segmenting networks to limit exposure in case of compromise.
- Subscribe to trusted threat intelligence services to stay informed about the latest malware variants, attack vectors, and cybercriminal strategies targeting your industry or region.