Copyright Tom's Guide
You can never be too safe when installing a new app on one of the best Android phones as hackers and other cybercriminals continue to use malicious apps in their attacks. According to a new report from the cloud security company ZScaler, there were more than 40 million downloads of malicious apps on the Google Play Store between June 2024 and May 2025. Though the majority of these apps are no longer available through the app store, the company found 239 applications that it was able to identify as malicious, up from 200 the previous year. This represents a 67% growth in malware that specifically targets mobile devices, and much of it is spyware and banking trojans; banking malware specifically has grown over the past three years and reached 4.89 million transactions in 2025. The report from Zscaler identifies that much of the mobile malware has shifted to a social engineering approach because of the increased adoption of mobile payments, as well as the improved security around payments due to the roll out of chip and PIN technology. The telemetry data collected for the report shows a shift from more traditional card fraud to methods that exploit mobile payments. Examples given involve social engineering, like phishing, smishing, SIM swapping or payment scams. Zscaler researchers have stated that cybercriminals and threat actors need to use phishing, trojans and malicious apps in order to steal financial information and log in credentials in order to carry out the attacks involved in the apps they discovered. How to stay safe from malicious downloads In order to avoid malicious downloads, you should only get new apps from reputable publishers or app stores, always apply security updates, avoid downloading non-essential apps and reject and disable accessibility permissions. Likewise, you always want to keep your operating system up-to-date and enable Google Play Protect as well. From there, limit app permissions to only what is necessary and watch for any unusual behaviors after your install apps that you're not sure about. Signs that your device may have become compromised include unusual battery drain, unexplained data usage, or persistent background activity you cannot explain. Your device should also be protected by one of the best Android antivirus apps, which will help you detect malware with real-time scans. These programs also offer additional features, like VPNs and scam alerts, that can help protect your privacy and keep you safe online. Just because a group of malicious apps came out a long time ago doesn't mean they aren't still doing damage in the real world. This is why I always recommend limiting the number of apps you have installed overall. That way, if one is malicious or it goes bad over time, it will be a lot easier to find. More from Tom's Guide
