Trojan Mamont tops Android threats
Apps and messaging platforms on smartphones remain common vectors for mobile malware infections.
Downloaded an app — got a virus, after which the phone slows down, freezes, or even stops working altogether. Moreover, with the help of malicious programs, criminals gain access to a user’s bank accounts and leave them penniless. The number of victims runs into the millions. Experts at Laboratoriya Kasperskogo, Kaspersky Lab, analyzed the most widespread malicious programs targeting users of Android devices in Russia in 2025.
«Only the service center saved it»
Often a smartphone starts behaving strangely after the user downloads a new app: in most cases the gadget begins to work slowly or stops working at all. A reader of NGS with the handle Hozyain Barin ran into problems after downloading one of the messengers.
«I downloaded it, and the smartphone just started to act up, lag — it froze. I deleted the app, rebooted the phone, and it was as if new. Works “like a dream”. Apparently the messenger had a virus,» the user suggested.
A reader of NGS with the handle “A_S” encountered difficulties after installing the Getcontact app. During installation the app suddenly asked for access to the camera.
Several users reported phones slowing or failing after installing seemingly legitimate mobile apps.
«I allowed it, and as a result the camera stopped working. When I removed this app, everything got better,» the Novosibirsk resident shared.
At times, difficulties also arise for users of the iOS system, which, by experts’ estimates, is considered more resilient to virus attacks. Thus, a resident of Novosibirsk, Svetlana, had to take her device to a service center after updating an already installed app.
«After updating the L’Etoile app, my iPhone froze on the logo. Only the service center saved it,» Svetlana recalled her negative experience.
«The number of those attacked is approaching a million»
Experts note that modern people are using computers and laptops less and smartphones more. With them, most users seek current information, read news, pay bills, and choose goods, becoming an attractive target for cyberattacks. According to research by Kaspersky Lab, in 2025 in Novosibirsk Oblast (Russia) 7% of mobile device users experienced attackers’ capabilities firsthand.
Specialists identified the most widespread threat to Android users in Russia by analyzing common malicious programs in 2025. According to the company’s data for January – August, the most prevalent virtual pest was the mobile banking trojan* Mamont. The number of users attacked by it increased 36-fold compared with the same period in 2024.
* A trojan malware program (English “trojan”, also — trojan or trojan horse) is a type of malicious program that penetrates a computer under the guise of legitimate software, unlike viruses, which spread on their own.
The Mamont trojan works like this: it requests access to SMS and push notifications on the infected user’s smartphone, after which it uses them to steal money via SMS banking. Some of its modifications can intercept confirmation codes to steal messenger accounts.
Growing smartphone reliance encourages attackers to refine techniques for stealing data and money.
«The number of users attacked by this trojan in 2025, according to our data, is already approaching a million. There are many methods of distributing Mamont. Among the most popular for criminals is sending the virus in messengers disguised as a photo or video. In the names of such files, the .apk format appears. This means the user has been sent an installation package — that is, a program — not something else. We have also seen schemes in which the virus mimicked a remote-work app, a tracker for monitoring store orders, as well as educational content,» said cybersecurity expert at Kaspersky Lab Dmitry Kalinin.
According to specialists at Kaspersky Lab, you should not trust files that arrive from acquaintances in messengers. For example, you should not rush to open a file with allegedly compromising photos of the user. You can also fall victim to Mamont by following a fake link to an online store’s website or agreeing to accept a bouquet of flowers as a gift.
Among other common threats to Android devices is the Triada** backdoor. The program has broad functionality and gives attackers almost unlimited capabilities to control the infected gadget. Some varieties of Triada are distributed in the firmware of brand-new inexpensive Android devices — counterfeits of various popular smartphone models.
** A backdoor (from English back door — “back entrance”, “loophole”, literally “rear door”) is a flaw in an algorithm that is intentionally embedded by an attacker for covert and rapid access to data, in most cases to encrypted and protected data.
«The number of users attacked by this malware in Russia in 2025 increased fivefold compared with 2024 and is measured in the hundreds of thousands. This growth is due, among other things, to the emergence of a new version of Triada,» explained Dmitry Galov, head of Kaspersky Global Research and Analysis Team (GReAT) in Russia.
The trojan quickly embeds itself into the system and can control all processes. On infected devices, according to the speaker, this type of virus can steal accounts in messengers and social networks, substitute numbers during calls, control SMS, monitor the victim’s activity in browsers, as well as covertly send messages purportedly on the victim’s behalf in messengers and delete them to cover its tracks.
Certain low-cost Android devices ship with preinstalled malware hidden within modified firmware.
The hallmark of this malware is its maximum stealth. The virus removes its traces from memory, so an ordinary user simply will not find them.
Smartphones with the iOS operating system are susceptible to viruses as well (though to a lesser degree). A few months ago, for example, information appeared that one virus had spread in the official App Store. It was used to steal cryptocurrency.
«Compared with Android, iOS in terms of security can more easily identify a malicious file, but we are recording that iOS also faces various threats,» explained Dmitry Galov.
How to protect yourself
To avoid becoming a victim of viruses, experts advise users not to download files from dubious chats with strangers and to pay attention to the file extension.
«For example, you should understand that if the extension “.apk” or “.exe” is indicated, then it is a program, not a photo, video, or text document,» the expert noted.
Specialists also recommend regularly updating the operating system on the smartphone and installed apps, and using antivirus programs from trusted companies whose technologies confirm their effectiveness through independent tests. Such protection will recognize a threat in time and will not allow the user to install a malicious program or to follow a phishing or scam link.
The topic of cybercrime is more relevant than ever, since every day thousands of people fall victim to scammers online. Crime statistics continue to grow every year despite the laws. One reason is that many cases involving scammers on the internet are not investigated.
The NGS editorial team also learned that banks in Russia may be obliged to return money to victims of fraudsters. Specialists assessed the initiative and outlined its pros and cons.
