Mobile credential theft spikes: Zimperium warns what’s ahead

August 11, 2025

Zimperium has issued a stark warning to organisations worldwide: Mobile credential theft is accelerating and the wave is far from over.

Looking back over the past year, Zimperium’s global telemetry revealed more than 2,400 variants of mobile malware specifically engineered to steal login credentials and intercept multi‑factor authentication (MFA) codes.

These attacks are reportedly powered by ‘mishing’ (mobile‑focused phishing) campaigns and sideloaded apps that silently harvest access keys from the very devices employees rely on every day.

Organisations urged to take mobile credential theft seriously

Nicolás Chiaraviglio, Chief Scientist, Zimperium, commented: “Massive breaches are no longer starting on desktops, they’re starting in your pocket.

“What we saw last year is only the beginning. Organisations must take mobile security seriously to stop credential‑stealing malware before it compromises enterprise resources.”

Key trends: Reported by Zimperium

  • Credential theft was tied to 16% of cyber-attacks in 2024, up from 10% in 2023
  • Attacks spread through ‘mishing’ campaigns and sideloaded apps, often disguised as legitimate tools
  • Major hotspots include Southeast Asia, but detections are global in scope
  • Targeted industries: Finance, retail and software, where stolen credentials have immediate value

Families like TriaStealer, TrickMo, AppLite, Triada and SMS Stealer reportedly show how attackers exploit mobile devices – intercepting one‑time passwords, hijacking messaging apps and exfiltrating sensitive data without detection.

A warning for 2025 and beyond

Zimperium warns that the rise in mobile credential theft in 2024 is not an isolated spike; it signals a fundamental shift in how attackers operate.

As mobile usage in the workforce continues to climb, these threats will only multiply.

Chiaraviglio added: “Enterprises can no longer treat mobile as secondary in their security strategies.

“If your mobile defences aren’t proactive and real‑time, you’re leaving the keys to your business exposed.”

Security Journal UK
