Threat Actors See Bigger Return for Smaller Devices
The Growing Threat of Mobile Malware
November 04, 2025
Mobile devices have become indispensable to modern life, supporting both personal connectivity and professional operations. This ubiquity has made them high-value targets for threat actors motivated by political, financial or strategic objectives.
The rise of mobile malware represents a critical and escalating risk within the cybersecurity landscape. Increasingly, these attacks are highly targeted, focusing on executives, government officials, and other individuals of strategic importance. Successful campaigns allow threat actors to exfiltrate sensitive information, monitor private communications, track physical movements and circumvent established security controls. The result is not only a direct compromise of personal privacy and safety but also a potential threat to organizational resilience and even national security.
Since the exposure of high-profile mobile malware incidents in 2018, new variants and techniques have continued to surface, underscoring a persistent and evolving threat landscape that shows no sign of slowing.[1] Recent vulnerability disclosures from both WhatsApp (CVE-2025-55177) and Apple (CVE-2025-43300) demonstrate the ongoing prevalence of this type of mobile malware incident. Messaging applications and the underlying system processes that handle rich content continue to be prime targets of threat actors, regardless of the pace of security updates and enhancements released by vendors.
Senior executives and high-profile individuals must recognize these risks and take proactive measures to ensure devices under their control remain properly secured, as the threat environment advances.
Why Mobile Devices Are Prime Targets
Mobile devices contain a vast amount of information, including private communications, trade secrets, protected client data and confidential knowledge. Beyond storing sensitive personal and professional material, these devices often provide access to corporate networks and business-critical systems, serving as a gateway to highly valuable organizational assets.
Once compromised, a mobile device can be transformed into a powerful surveillance tool, allowing threat actors to intercept communications, track real-time geolocation, capture sensitive data and even covertly activate the device as an ad hoc listening device or “bug.”
Beyond surveillance, threat actors can also leverage the compromised device to launch additional attacks, including harvesting credentials, bypassing security measures such as multi-factor authentication or pivoting deeper into the corporate infrastructure. A single compromised device can potentially have a far-reaching impact on an organization.
Unlike traditional enterprise assets, mobile devices often operate with weaker security controls and limited oversight. Systems designed to detect and prevent mobile malware attacks are often not aligned with the latest threat variant, and mobile devices tend to be patched less frequently, leaving them exposed to known vulnerabilities. Combined with their near-universal adoption, this creates an enormous attack surface that provides threat actors with multiple opportunities for exploitation.
How Threat Actors Gain Access
Threat actors are increasingly compromising mobile devices through advanced techniques such as zero-click exploits.[2] In these attacks, maliciously crafted messages can be delivered via a messaging app, voice call or email, injecting malicious code upon receipt and requiring no interaction from the victim. These exploits are engineered to bypass built-in security controls by targeting vulnerabilities in the way mobile operating systems process incoming content. In certain cases, threat actors have embedded malicious code in media files such as images, GIFs or audio clips to evade protections and gain elevated control of the device.
Modern mobile malware is deliberately designed to remain hidden, even from industry-leading detection tools. Many operate entirely within device memory, leaving little to no forensic trace of compromise. Advanced variants also incorporate self-destruct mechanisms, wiping away their presence if tampering is detected, security tools attempt analysis or communication with the threat actor’s network infrastructure lapses for a set period.
These capabilities create a class of malware that is both highly effective and extraordinarily difficult to detect. Victims often remain unaware of an infection until substantial damage has already occurred. This reality underscores the critical importance of awareness, proactive defense and stronger protections against mobile malware threats.
FTI Cybersecurity’s Investigative Findings
FTI Consulting’s Cybersecurity team has been at the forefront of identifying behaviors that define today’s most advanced mobile malware. Through our forensic work across a wide range of industries, we have consistently uncovered evidence of attacks designed to operate primarily within device memory, leaving little to no trace on traditional file systems. These techniques are the hallmarks of the threat landscape that organizations face today.
Our investigations span multiple generations of mobile phone technology and reveal that threat actors continually evolve their methods to overcome each new layer of security. The techniques we have documented in the field directly align with the kinds of behaviors that Apple, as one example, now seeks to counter through its Memory Integrity Enforcement (“MIE”) initiative, which implements advanced, hardware-level protections in direct response to mobile malware threats.[3] In this sense, these enhanced security measures confirm the severity of the threats we have been tracking and responding to on behalf of our clients.
By correlating observed attack behaviors with known tactics, techniques and procedures, our findings provide clear evidence of the persistence and sophistication of mobile malware campaigns. The MIE initiative represents an important step forward, but it also underscores the need for organizations to remain vigilant, as threat actors have consistently demonstrated their ability to adapt.
Protecting Mobile Devices
For individuals and organizations, the first step in mitigating mobile malware risk is understanding exposure. Consider the following:
- Do you or your executives handle sensitive financial, trade or client data?
- Does your leadership team travel frequently, especially to high-risk regions?
- Are mobile devices regularly scanned and monitored for signs of compromise?
- What policies govern the use of personal devices for corporate work?
- Have you observed unexplained leaks of sensitive or non-public information?
These questions help establish a baseline understanding of your attack surface and highlight the importance of proactive defenses. Given the persistence of these threats, and the fact that even industry leaders are reengineering hardware to respond, organizations must adopt a forward-looking security approach to stay ahead of threat actors.
Once their risks are understood, organizations should focus on reducing exposure: maintain an up-to-date inventory of devices, enforce regular software updates and hardware refreshes, retire outdated models, monitor for unusual behavior and ensure high-value personnel receive enhanced oversight.
What Next?
As mobile devices remain central to everyday life, the threat of mobile malware will persist and continue to build momentum. Threat actors are resourceful and determined, continually developing new exploits that can outpace even the most advanced protections.
This reality makes mobile device security a critical priority, not an afterthought. Without proper safeguards, sensitive information, intellectual property, trade secrets and confidential communications remain vulnerable, creating cascading risks for individuals and organizations alike. Prioritizing mobile security today is essential to protect what matters most tomorrow.
Footnotes:
1: Gatlan, Sergiu, “Malicious Mobile Software Attacks Almost Doubled in 2018,” Bleeping Computer (March 5, 2019).
2: “‘Mobile NotPetya’: Spyware Zero-Click Exploit Development Increases Threat of Wormable Mobile Malware,” Recorded Future (April 16, 2024).
3: “Memory Integrity Enforcement: A complete vision for memory safety in Apple devices,” Apple Security Engineering and Architecture (September 9, 2025).