SHOCKING! India tops global list for mobile malware attacks with 28% share, surpasses US and Canada

In a shocking development, India has now overtaken the United States and Canada to become the leading country for mobile malware attacks worldwide, climbing from its previous position in third place, as revealed in a recent report. The Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report analyzed more than 20 billion mobile transactions and related cyber threats from June 2023 to May 2024.

"India has become the top global target for mobile malware attacks, accounting for 28 per cent of the total, surpassing the United States (27.3 per cent) and Canada (15.9 per cent). This significant jump from its 3rd place ranking last year underscores the critical need for Indian enterprises to adopt robust security measures, especially amid the rapid digital transformation and increasing cyber threats," the report said.

Nearly half of mobile attacks are caused by trojans—malware that deceives users into downloading and running harmful software—making the financial sector especially vulnerable. The report highlighted a 29% increase in banking malware attacks and an alarming 111% surge in mobile spyware attacks.

"Most financially motivated malware attacks are highly capable of bypassing Multifactor Authentication (MFA) and frequently leverage phishing vectors, such as fake login pages for different financial institutions, social media sites, and crypto wallets," it said.

Phishing attempts targeting mobile customers of major Indian banks, including HDFC, ICICI, and Axis, have risen, according to ThreatLabz analysts. These sophisticated attacks trick users into revealing sensitive banking information by directing them to counterfeit websites that closely resemble legitimate banking portals.

Similar tactics were previously used to distribute Android-based phishing malware via fake card update sites, resulting in widespread financial fraud.

Additionally, the Indian postal service has become a target for attackers. They use SMS messages to direct mobile users to phishing sites that prompt them to enter credit card details. These fraudulent schemes often exploit scenarios like missing packages and incomplete delivery addresses, capitalizing on the urgency these messages create, the report noted.

"Legacy systems and unprotected IoT/ OT (Internet of Things/Operational Technology) environments are becoming prime targets for cybercriminals. We see a significant rise in hacking campaigns targeted at these environments. It is necessary for Indian enterprises to adopt a robust zero-trust security framework to secure their core operational environments. This will not only protect critical systems but also ensure business continuity in an increasingly connected world," said Suvabrata Sinha, CISO-India, Zscaler.

The report also highlighted a troubling global trend, revealing more than 200 malicious applications found on the Google Play Store and a 45% year-over-year increase in IoT malware transactions, emphasizing the widespread and growing nature of cyber threats.

On a positive note, India has improved its position as a source of malware, rising from 5th to 7th place in the APAC (Asia–Pacific) region.