Between June 2024 and May 2025, malicious Android apps on Google Play amassed over 40 million downloads, according to Zscaler's report. The company saw a 67% rise in mobile device malware, with spyware and banking trojans being significant threats. Cybercriminals are shifting tactics, moving from traditional card fraud to using social engineering methods like phishing and SIM-swapping, largely due to enhanced security measures like chip-and-PIN technology. Zscaler’s findings show a concerning trend: the number of malicious apps on Google Play increased from 200 to 239 in a year. Adware has emerged as the primary threat, making up 69% of detections, while the Joker info-stealer dropped from first to second place. Spyware saw a staggering 220% increase, driven by families like SpyNote and SpyLoan. Geographically, India, the U.S., and Canada experienced 55% of attacks, with Italy and Israel seeing alarming spikes of up to 4000% year-over-year. Three notable malware families highlighted in the report are Anatsa, Android Void (Vo1d), and Xnotice. Anatsa, a banking trojan, infiltrates productivity apps on Google Play and can target over 831 financial institutions. Android Void affects Android TV boxes, primarily in India and Brazil, while Xnotice targets job seekers in the oil and gas sector, spreading through fake job application tools. To combat these threats, users are advised to keep apps updated, only trust reputable sources, and disable unnecessary permissions. Zscaler also emphasizes the need for organizations to adopt zero-trust security measures and enhance protections for IoT devices.