According to Infosecurity Magazine, Zscaler’s ThreatLabz 2025 report reveals a 67% surge in Android malware over the past year. The security firm analyzed over 20 million mobile requests between June 2024 and May 2025 and found 239 malicious apps slipped past Google’s defenses. These apps were downloaded a staggering 42 million times from the official Play Store, with productivity and workflow tools being the most common disguise. Manufacturing and energy sectors were hit hardest, with energy sector mobile attacks exploding by 387% annually. India, the US and Canada accounted for most malicious traffic, while IoT threats were dominated by Mirai and Gafgyt malware targeting manufacturing and transportation.
Sponsored content — provided for informational and promotional purposes.
The Persistent Play Store Problem
Here’s the thing that really gets me – we keep having this same conversation year after year. Google’s security filters supposedly get better, but malicious apps still slip through. 42 million downloads is an absolutely massive number that represents real people getting compromised. And the fact that these were mostly productivity apps targeting remote workers? That’s deliberately predatory behavior. They’re exploiting people just trying to do their jobs better.
Why Certain Sectors Are Getting Hammered
The 387% increase in energy sector attacks isn’t random – it’s strategic. Critical infrastructure has always been a juicy target, but now attackers are realizing that mobile devices are the weak link. Manufacturing and transportation being top targets makes complete sense too. These industries have rapidly digitized their operations without necessarily securing every endpoint. Basically, if you can compromise one employee’s phone, you might get access to industrial control systems or logistics networks. That’s a scary thought.
Is Zero Trust Really the Answer?
Zscaler’s recommendation of “Zero Trust everywhere” sounds great in theory, but I’m skeptical about how many organizations can actually implement it properly. Zero Trust requires significant investment and cultural change. And while AI-powered detection sounds fancy, we’ve seen AI both help and hinder security efforts. The real question is: when will app store security become proactive rather than reactive? Google’s approach often feels like they’re playing whack-a-mole with malicious developers instead of building systems that prevent these uploads in the first place.
The Erosion of User Trust
Look, the most damaging part of this isn’t just the immediate security risk – it’s the long-term erosion of trust in official app stores. When people can’t trust that apps in Google Play are safe, they might turn to even riskier alternatives or become completely paranoid about downloading anything. That’s bad for innovation and bad for users. And with India seeing 38% year-over-year growth in threat volume, we’re talking about emerging markets getting hit hardest right as they’re adopting mobile technology. The timing couldn’t be worse.
