The mobile threat landscape has undergone a significant transformation, according to Zimperium’s 2025 Global Mobile Threat Report. The report indicates that attackers are increasingly focusing their efforts on mobile devices, which have evolved from being a secondary risk to a primary attack surface for enterprises.
One of the most alarming findings from the report is the rise of mobile phishing, referred to as ‘mishing.’ This type of threat now accounts for one-third of all mobile threats, with SMS phishing (or ‘smishing’) making up over two-thirds of this category. The United States has emerged as the most targeted region, placing American businesses at heightened risk from these sophisticated attacks.
In addition to phishing, the report highlights serious vulnerabilities associated with sideloaded apps and outdated devices. Nearly 25% of enterprise devices contain sideloaded applications installed outside official app stores. These applications frequently include counterfeit or altered versions of legitimate apps that can stealthily steal sensitive data or install malware. Moreover, approximately 25% of mobile devices remain unable to upgrade to the latest operating system versions, leaving them exposed to known exploits.
Another critical point raised in Zimperium’s report is the vulnerability of work applications. The report found that 23% of apps used on work devices connect to servers located in high-risk or embargoed countries, often transmitting sensitive data without proper encryption. To mitigate these risks, Zimperium’s CEO, Shridhar Mittal, suggests that organizations must develop a comprehensive mobile security strategy that includes thorough vetting of both third-party and in-house applications.
The report emphasizes the importance of device attestation as a critical component of mobile security. Even the most secure applications can be compromised if they operate on rooted, jailbroken, or malware-infected devices. To combat this issue, Zimperium advocates for the implementation of device attestation across all critical mobile apps.
As companies continue to embrace mobile technology for productivity and customer engagement, the report warns that cybercriminals have adapted to this mobile-first environment. The importance of implementing robust mobile security measures is underscored by the fact that 70% of organizations support Bring Your Own Device (BYOD) policies and actively develop mobile applications for their workforce and clients.