That Android’s 3.3 billion users face a myriad of cyber threats is not a surprise to anyone. There’s malware that can steal your photo gallery, the UNC6040 attacks that prompted Google to issue a threat intelligence warning, and, of course, the multitude of AI-powered attack threats. But, at the center of all of this cyberattack activity sits one thing: SMS. Google has already issued advice on how to mitigate the dangers of recent SMS Blaster attacks, where the hacker doesn’t even need to know your phone number. Now, a Malwarebytes threat analysis has uncovered an alarming 692% surge in SMS-based attacks against Android users. Here’s what you need to know.
Android Threat Landscape Enters New And Dangerous Phase
According to threat intelligence analysts at Malwarebytes, the Android threat landscape is not just evolving, it is entering an entirely new phase of its evolution. Pieter Arntz, a malware intelligence researcher at Malwarebytes, this represents “an era marked not just by volume, but by coordination and precision.” Android attackers aren’t “throwing malware at users and hoping for results,” Arntz warned, but they are “building ecosystems.”
The June 30 Malwarebytes Labs report analyzed Android threats across the first six months of 2025, and found that Android threats as a whole have risen by 151%. However, it’s when you start digging into the specific threat types that some worrying trends emerge.
Spyware has seen 147% increase, with February and March taking the biggest brunt as a 4 times multiplication of the baseline was observed.
But it is the SMS attack landscape that worries me, and Arntz, the most. Between April and May there was an incredible 692% surge in SMS-based malware attacks. Although there are seasonal factors to consider, with it being the tax seasons and all, Arntz said the surge was “a jump that we can’t just chalk up to coincidence.” Instead, Arntz sees this as reflecting a shift in strategy from the attackers who are scaling their operations to exploit “both human psychology and systemic weak points.“
Android attackers are “playing the long game now — developing monetization strategies for every type of data they can harvest; every user behavior they can exploit,” Shahak Shalev, senior director of research and development for online platforms at Malwarebytes, warned.
Mitigating The Android SMS Attack Surge
To protect yourself, and your Android devices, from the latest SMS attacks, you should employ the following mitigations:
Always use the official Google Play store to download your Android apps.
Take care when granting permissions to a new app. Permissions like “Display over other apps” should particularly raise a red flag, Arntz warns, as they can be used to intercept login credentials.
SMS Blaster attacks us 2G networks, so disable 2G from your Android settings.
Run a Google Security Checkup on your Android smartphone to ensure your Google account, a prime target for attackers, is as secure as possible.
