Zimperium Identifies 2,400+ Malware Variants Targeting Logins and MFA
Dallas, TX: Zimperium has issued a stark warning to organizations worldwide: mobile‑based credential theft is accelerating, and the wave is far from over.
Over the past year, Zimperium’s global telemetry revealed more than 2,400 variants of mobile malware specifically engineered to steal login credentials and intercept multi‑factor authentication (MFA) codes. These attacks are powered by mishing (mobile‑focused phishing) campaigns and sideloaded apps that silently harvest access keys from the very devices employees rely on every day.
“Massive breaches are no longer starting on desktops, they’re starting in your pocket,” said Nicolás Chiaraviglio, Chief Scientist at Zimperium. “What we saw last year is only the beginning. Organizations must take mobile security seriously to stop credential‑stealing malware before it compromises enterprise resources.”
Key Trends From the Past Year
- Credential theft was tied to 16% of cyberattacks in 2024, up from 10% in 2023
- Attacks spread through mishing campaigns and sideloaded apps, often disguised as legitimate tools
- Major hotspots include Southeast Asia, but detections are global in scope
- Targeted industries: finance, retail, and software, where stolen credentials have immediate value
Families like TriaStealer, TrickMo, AppLite, Triada, and SMS Stealer show how attackers exploit mobile devices—intercepting one‑time passwords, hijacking messaging apps, and exfiltrating sensitive data without detection.
A Warning for 2025 and Beyond
The rise in mobile credential theft in 2024 is not an isolated spike; it signals a fundamental shift in how attackers operate. As mobile usage in the workforce continues to climb, these threats will only multiply.
Chiaraviglio added, “Enterprises can no longer treat mobile as secondary in their security strategies. If your mobile defenses aren’t proactive and real‑time, you’re leaving the keys to your business exposed.”