November 6, 2025
Malware Families, Mobile Threats, and the Human Risk Narrative Shaping Cybersecurity


The battle against cyber threats is never-ending — and mobile is the new battleground.
Modern workers now rely on mobile devices to access sensitive information, often using a single device for personal and professional purposes. As a result, malicious actors have sensed a blind spot and are using these devices as the first line of attack to gain a foothold into secure systems. 1.2 million enterprise employees were exposed to mobile phishing attacks in Q2 2025. That’s a 20% increase from the previous quarter, and the attacks show no signs of slowing down.
CISOs must be aware of this shifting threat landscape and devise a plan to manage their network security at these endpoints. Here, we’ll explore how human risk plays a significant role in the future of mobile endpoint security, common malware families to watch out for, and offer actionable strategies to destroy these threats at the root.
The role human risk plays in mobile security
Social engineering attacks are nothing new. CISOs have been instructing their employees to keep an active watch for fraudulent emails or phone calls, use multi-factor authentication for secure login, and maintain strong passwords for years.
Staying vigilant on official corporate communications channels is one thing, though. Doing the same on personal mobile devices, where users are much more likely to trust and react to messages they receive, is something else entirely. And these devices are pervasive in the modern threat landscape.
Cloud-based networking is a blessing and a curse. It grants employees a chance to work on critical projects anywhere that’s convenient for them, whether that’s at a dedicated workstation in the office, on their laptop at a local coffee shop, or even on their smartphone as they’re resting at home on their couch.
This access has been an immense boon toward increasing worker efficiency and productivity. It’s also blurred the lines between assigned devices that security teams can monitor and lock down, and devices that they have limited visibility into. BYOD policies may have been implemented in the name of convenience, but they effectively make managing endpoint detection and response (EDR) much more difficult.
Threat actors are aware of this new environment, and they’re exploiting it. 72% of organizations reported a rise in cyberattacks like phishing, smishing, or generative AI-augmented attacks on their business over the past year. Lookout’s own data found that 58% of companies have experienced cybersecurity incidents due to executive impersonation scams via text or voice. However, a little over half of CISOs admit to having inconsistent visibility into social engineering attempts made against their employees.
These attacks on an employee’s personal device inevitably lead the employee toward fraudulent links or landing pages, where they unwittingly download malware, install malicious apps, or otherwise hand over credentials to the attacker. The attacks are becoming more sophisticated and harder to identify, as the number of enterprise users who tap on more than six phishing links has continued to grow year over year since 2020. The foothold attackers gain here becomes more important as the line between personal and professional devices continues to blur, with threat actors increasingly using this access to breach your organization’s network and reach sensitive data with little warning.
CISOs must work toward closing this gap. It starts by recognizing the most common malware families found on mobile devices, then leveraging EDR processes to find and mitigate the damage before it spreads. Additional training that helps employees spot these increasingly sophisticated attacks will help stop them before they take root.
Common malware families for mobile devices
According to the Lookout Mobile Threat Landscape Report for Q2 2025, over 69,000 malicious apps were detected on enterprise devices. Many of the malicious apps users encountered belonged to one of three common malware families, all of which are primarily found on Android.
Triada
Triada is a Trojan that, once installed, is able to secretly control critical aspects of the device and exfiltrate sensitive data, like text messages, call logs, and contact information.
MoneytiseSDK
MoneytiseSDK is another Android Trojan that is embedded into applications and turns a victim’s phone into a proxy. This attack then allows the malware developers to make money by routing unvetted network traffic through the device’s network connection.
WAPDropper
This toll fraud application downloads and executes code from a remote server, leading to malicious behavior and potentially causing unexpected charges on the victim’s mobile phone bill.
How to protect against an evolving threat landscape
A new threat landscape requires different tools and strategies to respond to emerging threats while staying ahead of the curve. The following strategies will allow you to upgrade your current efforts while shoring up security gaps as much as possible.
- Implement mobile-forward EDR platforms and processes. Traditional endpoint detection and response systems cover standard endpoints, like desktops and laptops. Bolting on rules and processes that attempt to cover the breadth of mobile devices and monitor potential access points is no longer enough. An EDR system with a focus on mobile devices will help you cover a wider range of malicious apps, exploits, and even network-based threats across the devices you’re able to control — as well as the devices you can’t.
- Lean on AI mobile threat detection (MTD). As the number of mobile threats continues to climb, basic automated detection processes will no longer cut it. AI-first MTD can leverage a large body of telemetry data, giving your mobile EDR tools a massive boost when it comes to popular malicious apps, obscure threats, and even zero-day attacks.
- Train employees about mobile-specific attacks. “Lack of training” is the number one reason CISOs cite when employees end up clicking on suspicious links, meaning current efforts aren’t keeping pace with the current threat environment. Regular security training must include examples of mobile phishing attacks so employees know what to look for. If employees have access to your organization’s infrastructure on their personal devices, include best practices on how to protect this data without sacrificing their ability to use the device as they normally would.
Level up your mobile threat detection
The need for mobile-first threat detection in today’s modern cybersecurity landscape is immense. If you don’t have effective EDR processes to account for this new attack surface already, today is a good day to start implementing them. Download a free copy of The Mobile EDR Playbook today, and get answers to key questions about how to protect your infrastructure from these growing threats.

