Half-Year Review: Emerging Mobile Threats and Key Trends in 2022

Share this blog

As the saying goes, time is money. While this does remain true, I’d also argue data is money. The mobile phones we carry in our pockets have quickly come to represent our personal ATMs. We use our phones to make purchases, send money, and do banking. On the same note, we now also use our mobile devices to manage our personal and corporate data, the digital gold that we use, produce and manage.

Yet far too many people treat their phones less like ATMs and more like disposable cameras. If the first half of 2022 has taught us anything, it is that this mindset has to change fast.

As we are approaching the second half of the year, we reflected on the past six months and did an analysis of the intelligence we’ve gathered thus far in 2022. I thought it would be helpful to highlight some of the key takeaways from this data.

Mobile apps and risks proliferating.

In a recent survey, respondents were asked which endpoints have the weakest security. 44% said mobile devices were the least secure, making this category the top response. Following up with the second-highest rating, selected by 31% of respondents, was laptops.1

One big reason for these responses is the way applications are managed. Over the years, traditional enterprise endpoints like laptops and desktops would have some rigorous controls in place that restricted the apps that could be installed. Further, there would be mechanisms for ensuring these applications were routinely patched.

In an era of BYOD, those principles aren’t a remote possibility. Users can download any apps they want, and even if a critical application vulnerability is discovered and mitigated, they may not get around to updating their device to the latest version for weeks or even months. Consequently, at any given time, a mobile device may have a plethora of apps that are missing critical patches.

Employees are consumers too.

Many of the threats we discover target consumers directly. For example, a trojan will attempt to deceive a banking customer and gain access to their credentials and, ultimately, their money. However, as one of Zimperium’s threat researchers recently clarified, “In an age of BYOD, there’s no such thing as consumer-grade threats.” In other words, consumers are also employees, and when their mobile devices and apps are compromised, enterprise assets can be too.

In recent years, employees have grown increasingly reliant upon their mobile devices for work, whether to check corporate email, do multi-factor authentication, access files, or any number of other efforts. Unfortunately, while the large-scale trojans and other malware attacks make headlines, that doesn’t mean employees and the enterprises they work for aren’t vulnerable.

Knock one down, find another, repeat.

In tracking advanced malware trends, the analogy of the “whack-a-mole” game immediately comes to mind. Malicious C&C servers keep emerging, and like kids using rubber mallets, security teams and intelligence agencies knock these servers down. However, like whack-a-mole, a new one almost immediately arises. The recent timing of a few malware instances illustrates this dynamic perfectly. According to Europol, the C&C server for FluBot was taken down on June 1, 2022, and the next day, we found out about MaliBot, a new, highly advanced mobile trojan-.

Malware doesn’t really go away. Ever.

When malware and other attack campaigns emerge, the code doesn’t ever really go away. Brata is just one recent example. Brata started as a trojan focused on banking customers in Brazil. However, in recent months, attackers have leveraged Brata to wage attacks on an international scale. Further, they’ve rolled out some incredible functionality. For example, after a successful attack, the malware will launch a factory reset on the phone, completely wiping the device of any trace of malicious activity.

Wannacry is another example of this phenomenon. The initial campaign of the Wannacry variant only affected around 150 endpoints. However, other threat actors took that logic, combined with new code and exploits, and this subsequent campaign is what made front-page news.

Different Town, Different Dangers.

As we examine threat activity worldwide, we see significant regional differences in the nature of attacks being waged. Due to such factors as variances in consumer protection laws, network architectures, user preferences and behaviors, and mobile apps and devices, attacks that work well in one region may not work in another. As a result, we’re seeing malicious actors adapt their approaches for maximum impact. Following are a few examples of the activity we see in various cities.


In London, there’s a very high percentage of man-in-the-middle attacks, which are a common way attackers try to gain access to a target network. We’re also seeing a lot of incidents of scanning, which most likely means attackers are trying to gain intelligence for waging upcoming attacks.

San Francisco

In this region, we see activity centered around technology hubs that exist in city centers and Silicon Valley. We’re also seeing a high incidence of mobile devices being successfully targeted by malware.


Here, we’re seeing man-in-the-middle and malware attacks and a rise in danger zones encountered. We also see that malicious activity tends to be more prevalent around airports and other transit hubs. However, we also see signs of this activity in the city’s outskirts, underscoring that, as they travel back to their residences, commuters are not only bringing their phone, but they’re also bringing vulnerabilities and compromises with them.


A striking pattern emerges in mapping out threats and attacks in Tokyo. The city’s mass-transit-reliant population is being exposed to danger zones along train lines. Both known and unknown malicious networks can cause these danger zones. In prior months, we saw a lot of scanning. Now, this region is witnessing malware, rogue access points, and man-in-the-middle attacks.


Mobile devices play an essential role in how we get work done. Unfortunately, these devices and the users who rely on them continue to be exposed to increasingly sophisticated and persistent attacks. When enterprise teams choose to overlook mobile device and app security, they do so at their peril. To learn more about the current mobile threat landscape of 2022, watch our on-demand webinar as we go more in-depth on these threats and the trends to look out for to prepare for the second half of 2022. View now.

About Zimperium

Zimperium provides the only mobile security platform purpose-built for enterprise environments. With machine learning-based protection and a unified platform that secures everything from applications to endpoints, Zimperium’s solutions provide on-device mobile threat defense and comprehensive in-app protection to protect growing and evolving mobile environments. For more information or to schedule a demo, contact us today.

1 Zimperium, Pulse QA, “Which of the following category of endpoints represents the weakest security in your organization?” 2021

Richard Melick
Mobile Threat Intelligence. View the author's experience and accomplishments on LinkedIn.

Get started with Zimperium today