By Ashwani Mishra, Editor-Technology, 63SATS Cybertech
New research has revealed a worrying statistic: nearly 50% of all mobile devices globally are running outdated operating systems, making them easy targets for cybercriminals.
These findings are part of the recently released 2025 Global Mobile Threat Report by cybersecurity firm Zimperium, which paints a concerning picture of the mobile threat landscape.
As smartphones become increasingly embedded in corporate operations, attackers are ramping up their efforts to exploit mobile vulnerabilities. The report notes a significant rise in attacks specifically aimed at mobile users, alongside a growing number of vulnerabilities in mobile applications.
One of the most alarming trends highlighted in the report is the dramatic increase in smishing — phishing attempts delivered via SMS. Smishing now represents 69.3% of all mobile phishing attacks. In addition, vishing (voice phishing) and smishing incidents rose by 28% and 22%, respectively, compared to the previous year.
The report sheds light on several critical weaknesses that continue to expose mobile devices to cyber threats:
- Half of mobile devices are using outdated operating systems, leaving them without the latest security patches.
- Over 25% of devices are not even eligible to upgrade to the most recent OS versions, further compounding the risks.
- More than 60% of iOS apps and around 34% of Android apps lack fundamental code protection mechanisms, making them easier to tamper with.
- Almost 60% of iOS apps and 43% of Android apps are vulnerable to leakage of Personally Identifiable Information (PII), posing major privacy and security concerns.
Malware continues to be the tool of choice for cybercriminals targeting mobile platforms.
Surge in Trojans and Evasive Malware
The report recorded a 50% year-over-year increase in the use of Trojans — malicious programs disguised as legitimate software.
Furthermore, researchers identified several new malware strains, including Vultur, DroidBot, Errorfather, and BlankBot, all of which are designed to evade traditional detection methods and compromise mobile devices more effectively.
The mobile security landscape is rapidly shifting, and attackers are becoming more innovative. Many now use multi-pronged approaches that combine smishing with malware delivery, social engineering tactics, and exploitation of app vulnerabilities to maximize their chances of success.
Experts warn that mobile devices, often perceived as safer than traditional endpoints like laptops and desktops, are now equally—if not more—at risk.
Companies relying heavily on mobile devices for business operations must rethink their security strategies, ensuring that mobile endpoints are as rigorously protected as any other part of their IT infrastructure.
The findings from Zimperium’s 2025 Global Mobile Threat Report send a clear message: the mobile ecosystem must prioritize security. With half of the devices worldwide running outdated software and app vulnerabilities rampant, both organizations and individuals need to act swiftly to patch weaknesses, harden defenses, and stay vigilant against the ever-evolving tactics of cyber attackers.
In a world where mobile devices serve as primary workstations, communication hubs, and storage for sensitive information, neglecting mobile security could have catastrophic consequences for personal users and enterprises alike.