Zscaler Report Validates Threat Actors’ Mobile First Attack Strategy

The Zscaler Threatlabz report on mobile threats and IoT documents a critical trend: threat actors are increasingly adopting a mobile-first attack strategy. This finding aligns with the research Zimperium’s zLabs has published in our 2024 and 2025 Global Mobile Threat Reports, which highlighted attackers' efforts to exploit the expanded enterprise attack surface presented by largely unsecured mobile devices and apps used by employees for both personal and business activities.

This strategic shift is backed by alarming statistics. The Zscaler report notes that Android malware prevalence has grown by a staggering 67% year-over-year. Zimperium’s 2025 GMTR echoes this escalation, noting a 50% increase in the deployment of trojans and finding that 18% of mobile devices in our sample set were infected with malware.

Furthermore, we are pleased to see Zscaler embracing the term Mishing, which Zimperium pioneered in 2024. Our comprehensive definition of Mishing includes text phishing (Smishing), voice phishing (Vishing), and QR code phishing (Quishing), as well as device-aware mobile-targeted email phishing. This unified terminology highlights an important trend we've observed: phishing increasingly targeted to execute only on mobile devices, taking advantage of the widespread lack of mobile security and the diminished vigilance shown by users while on a mobile device.

Some Highlights From the Zscaler Report

With 51% of U.S. remote-capable jobs now hybrid, employees are splitting their time between home and office, often leaning heavily on their mobile devices for communication, productivity, and access to corporate resources. Additionally, 28% of remote-capable roles are now exclusively remote, further reinforcing the critical role of mobile devices as essential tools for the workforce.

Key Trends in the Zscaler Report

• Banking malware remains consistent, demonstrating steady growth over the past three years. During 2022-2023, banking malware transactions totaled 3.68 million, increasing significantly to 4.76 million in 2023-2024, a 29% year over-year rise. The trend continued into 2024-2025, reaching 4.89 million transactions, though the growth rate slowed to 3%. 
• Threat actors are abandoning card-focused fraud, shifting their attention to mobile payments. They are increasingly exploiting the digital realm using advanced techniques like phishing, smishing, SIM swapping, and authorized push payment scams. To execute these new attacks, cybercriminals deploy phishing trojans and malicious apps specifically designed to steal financial information and login credentials, including MFA codes.
• Accessibility permissions abuse continues to be a cornerstone for threat actors, enabling them to use permissions designed to assist users for malicious purposes as a reliable entry point for device compromise. This enables them to steal credentials.

Industry Trends in the Zscaler Report

• Manufacturing, Energy, Oil and Gas, and Retail and Wholesale were among the most targeted sectors
  • Energy attacks increased 387%
  • Healthcare attacks increased 224%
  • Zimperium’s GMTR findings align, and we recently released a report focused on mobile threats in retail

• Government agencies saw sharp increases
  • 370% rise in IoT malware
  • 147% rise in mobile-related attacks
  • Driven largely by Android malware targeting devices used for public operations

• Healthcare continues to be a prime target
  • Nearly 225% increase in mobile attacks
  • High-value patient data and the need for uninterrupted services amplify risk

Conclusion and Recommended Action

The themes in Zscaler’s report point to a simple reality: mobile devices and mobile apps now sit at the center of enterprise risk, and organizations need security tools built specifically for this environment. Best-in-class mobile protection and a zero trust approach to access and data are no longer optional. They are the baseline for operating safely in a mobile-first world.

Zimperium is recognized as a leader in Forrester’s 2024 Mobile Threat Defense Wave and the QKS App Security Quadrant. Enterprises evaluating how to protect their mobile devices and applications should include Zimperium as a proven, independently validated option.