{"id":3180,"date":"2026-05-18T12:05:09","date_gmt":"2026-05-18T12:05:09","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/"},"modified":"2026-05-18T12:05:09","modified_gmt":"2026-05-18T12:05:09","slug":"it-threat-evolution-in-q1-2026-mobile-statistics","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/","title":{"rendered":"IT threat evolution in Q1 2026. Mobile statistics"},"content":{"rendered":"<div>\n<p><img loading=\"lazy\" width=\"990\" height=\"400\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg\" class=\"attachment-securelist-huge-promo size-securelist-huge-promo wp-post-image\" alt=\"\" decoding=\"async\"><\/p>\n<p>IT threat evolution in Q1 2026. Mobile statistics<br \/>\n<a href=\"https:\/\/securelist.com\/malware-report-q1-2026-pc-iot-statistics\/119828\/\" target=\"_blank\">IT threat evolution in Q1 2026. Non-mobile statistics<\/a><\/p>\n<p>In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged.<\/p>\n<p>To illustrate the differences between the reporting periods, we have also recalculated data for the previous quarters. Consequently, these figures may significantly differ from the previously published ones. However, subsequent reports will employ this new methodology, enabling precise comparisons with the data presented in this post.<\/p>\n<p>The Kaspersky Security Network (KSN) is a global network for analyzing anonymized threat information, voluntarily shared by users of Kaspersky solutions. The statistics in this report are based on KSN data unless explicitly stated otherwise.<\/p>\n<h2 id=\"the-quarter-in-numbers\">The quarter in numbers<\/h2>\n<p>According to Kaspersky Security Network, in Q1 2026:<\/p>\n<ul>\n<li>More than 2.67 million attacks utilizing malware, adware, or unwanted mobile software were prevented.<\/li>\n<li>The Trojan-Banker category was the prevalent mobile malware threat with a 10.86% share of total detections.<\/li>\n<li>More than 306,000 malicious installation packages were discovered, including:\n<ul>\n<li>162,275 packages related to mobile banking Trojans;<\/li>\n<li>439 packages related to mobile ransomware Trojans.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"quarterly-highlights\">Quarterly highlights<\/h2>\n<p>The number of malware, adware, or unwanted software attacks on mobile devices decreased to 2,676,328 in Q1, down from 3,239,244 in the previous quarter.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/yU55jQjvDQMlsjx26DSL\" data-type=\"interactive\" data-title=\"11 - EN - RU - PT-BR Malware report charts\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Attacks on users of Kaspersky mobile solutions, Q3 2024 \u2014 Q1 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18112014\/1-mobile-en-ru-pt-br-malware-report-charts-1.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>The overall drop in attack volume stems primarily from a reduction in adware and RiskTool detections. Nonetheless, this trend does not equate to a lower risk for mobile users. As shown later in this report, the number of unique users targeted by these threats remained relatively stable.<\/p>\n<p>In Q1, Synthient researchers <a href=\"https:\/\/synthient.com\/blog\/a-broken-system-fueling-botnets\" target=\"_blank\" rel=\"noopener\">identified a link<\/a> between the notorious Kimwolf botnet and the IPIDEA proxy network. This network was later <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/disrupting-largest-residential-proxy-network\" target=\"_blank\" rel=\"noopener\">taken down<\/a> in cooperation with GTIG.<\/p>\n<p>In early 2026, we discovered several apps on Google Play and the App Store that contained a new version of the SparkCat crypto stealer.<\/p>\n<p><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2.png\" class=\"magnificImage\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-full wp-image-119821\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2.png\" alt=\"\" width=\"1354\" height=\"1101\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2.png 1354w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-300x244.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-1024x833.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-768x624.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-430x350.png 430w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-740x602.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-344x280.png 344w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210718\/malware-report-q1-2026-mobile-statisticsEN2-800x651.png 800w\" sizes=\"(max-width: 1354px) 100vw, 1354px\"><\/a><\/p>\n<p>The Trojan code, meticulously concealed, was embedded into the infected Android apps. The obfuscated malicious Rust library was decrypted using a Dalvik-like virtual machine custom-built by the attackers. The iOS version of the malware also underwent several changes; specifically, the attackers began leveraging Apple\u2019s proprietary Vision framework for optical character recognition (OCR).<\/p>\n<h2 id=\"mobile-threat-statistics\">Mobile threat statistics<\/h2>\n<p>The number of Android malware samples saw a slight increase compared to Q4\u00a02025, reaching a total of 306,070.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/dk7QSEqjUNJkEVFJKS5u\" data-type=\"interactive\" data-title=\"12 - EN - RU - PT-BR Malware report charts\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Detected malicious and potentially unwanted installation packages, Q1 2025 \u2014 Q1 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17210916\/2-mobile-en-ru-pt-br-malware-report-charts.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>The detected installation packages were distributed by type as follows:<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/Spg9unGPrMfnY8nYf0eq\" data-type=\"interactive\" data-title=\"13 - EN Malware report charts\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Detected mobile apps by type, Q4 2025* \u2014 Q1 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17211044\/3-mobile-en-malware-report-charts.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p><em>* Data for the previous quarter may differ slightly from previously published figures due to certain verdicts being retrospectively revised.<\/em><\/p>\n<p>Threat actors once again ramped up the production of new banking Trojans; as a result, this category overtook all others in volume, accounting for more than half of all installation packages.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/v1a6usUtHup6ztNWaTNP\" data-type=\"interactive\" data-title=\"14 - EN - PT-BR Malware report charts\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Share* of users attacked by the given type of malicious or potentially unwanted app out of all targeted users of Kaspersky mobile products, Q4 2025 \u2014 Q1 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17211232\/4-mobile-en-pt-br-malware-report-charts.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p><em>* The total percentage may exceed 100% if the same users encountered multiple attack types.<\/em><\/p>\n<p>Following the surge in banking Trojan installation packages, the number of associated attacks also rose, causing Trojan-Banker apps to climb one spot in terms of their share of targeted users. Mamont variants emerged as the most prevalent banking Trojans, accounting for 73.5% of detections, with the rest of the users encountering Faketoken, Rewardsteal, Creduz, and other families.<\/p>\n<p>Yet banking Trojans were still outpaced by adware and RiskTool-type unwanted apps when measured by the total number of affected users. Despite a decrease in their share of installation packages, these two app types retained their positions as the top two threats by attack volume. The most common adware detections involved HiddenAd (44.9%) and MobiDash (38.1%), while most frequently seen RiskTool apps were Revpn (67%) and SpyLoan (20.5%).<\/p>\n<h2 id=\"top-20-most-frequently-detected-types-of-mobile-malware\">TOP 20 most frequently detected types of mobile malware<\/h2>\n<p><em>Note that the malware rankings below exclude riskware or potentially unwanted software, such as RiskTool or adware.<\/em><\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Verdict<\/strong><\/td>\n<td><strong>%* Q4\u00a02025<\/strong><\/td>\n<td><strong>%* Q1\u00a02026<\/strong><\/td>\n<td><strong>Difference in p.p.<\/strong><\/td>\n<td><strong>Change in ranking<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Backdoor.AndroidOS.Triada.ag<\/td>\n<td>2.62<\/td>\n<td>7.09<\/td>\n<td>+4.48<\/td>\n<td>+10<\/td>\n<\/tr>\n<tr>\n<td>DangerousObject.Multi.Generic.<\/td>\n<td>6.75<\/td>\n<td>5.84<\/td>\n<td>-0.92<\/td>\n<td>-1<\/td>\n<\/tr>\n<tr>\n<td>DangerousObject.AndroidOS.GenericML.<\/td>\n<td>3.52<\/td>\n<td>5.51<\/td>\n<td>+1.99<\/td>\n<td>+6<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jo<\/td>\n<td>0.00<\/td>\n<td>5.28<\/td>\n<td>+5.28<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Fakemoney.v<\/td>\n<td>5.40<\/td>\n<td>3.44<\/td>\n<td>-1.96<\/td>\n<td>-1<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Downloader.AndroidOS.Keenadu.l<\/td>\n<td>0.00<\/td>\n<td>3.35<\/td>\n<td>+3.35<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jx<\/td>\n<td>0.00<\/td>\n<td>3.09<\/td>\n<td>+3.09<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Backdoor.AndroidOS.Triada.z<\/td>\n<td>4.87<\/td>\n<td>3.08<\/td>\n<td>-1.79<\/td>\n<td>-2<\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Triada.fe<\/td>\n<td>5.01<\/td>\n<td>2.98<\/td>\n<td>-2.02<\/td>\n<td>-4<\/td>\n<\/tr>\n<tr>\n<td>Backdoor.AndroidOS.Keenadu.a<\/td>\n<td>2.07<\/td>\n<td>2.73<\/td>\n<td>+0.66<\/td>\n<td>+6<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jg<\/td>\n<td>0.34<\/td>\n<td>2.37<\/td>\n<td>+2.03<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Triada.hf<\/td>\n<td>2.15<\/td>\n<td>2.23<\/td>\n<td>+0.07<\/td>\n<td>+3<\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Boogr.gsh<\/td>\n<td>2.35<\/td>\n<td>2.15<\/td>\n<td>-0.20<\/td>\n<td>0<\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Triada.ii<\/td>\n<td>5.68<\/td>\n<td>2.07<\/td>\n<td>-3.60<\/td>\n<td>-11<\/td>\n<\/tr>\n<tr>\n<td>Backdoor.AndroidOS.Triada.ae<\/td>\n<td>1.91<\/td>\n<td>1.76<\/td>\n<td>-0.16<\/td>\n<td>+3<\/td>\n<\/tr>\n<tr>\n<td>Backdoor.AndroidOS.Triada.ab<\/td>\n<td>1.79<\/td>\n<td>1.72<\/td>\n<td>-0.08<\/td>\n<td>+3<\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Triada.gn<\/td>\n<td>2.38<\/td>\n<td>1.58<\/td>\n<td>-0.80<\/td>\n<td>-5<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.gg<\/td>\n<td>1.56<\/td>\n<td>1.50<\/td>\n<td>-0.06<\/td>\n<td>+2<\/td>\n<\/tr>\n<tr>\n<td>Trojan.AndroidOS.Triada.ga<\/td>\n<td>1.48<\/td>\n<td>1.50<\/td>\n<td>+0.01<\/td>\n<td>+4<\/td>\n<\/tr>\n<tr>\n<td>Backdoor.AndroidOS.Triada.ad<\/td>\n<td>0.53<\/td>\n<td>1.40<\/td>\n<td>+0.87<\/td>\n<td>+44<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky mobile solutions.<\/em><\/p>\n<p>The pre-installed Triada.ag backdoor rose to the top spot; it is similar to the older Triada.z version <a href=\"https:\/\/securelist.com\/triada-trojan-modules-analysis\/116380\/\">we documented previously<\/a>. Because the same variant was pre-installed across a wide range of devices, the total number of affected users is aggregated. Consequently, Triada outpaced even Mamont, as users encountered a variety of Mamont variants, causing the share of that banking Trojan to spread across multiple rows. Other pre-installed Triada variants (Triada.z, Triada.ae, Triada.ab, and Triada.ad) also made the rankings. Furthermore, we observed increasing activity from the Keenadu.a backdoor, while diverse variants of the embedded Triada Trojan remained in the rankings.<\/p>\n<h2 id=\"mobile-banking-trojans\">Mobile banking Trojans<\/h2>\n<p>Q1\u00a02026 saw a characteristic rise in mobile banking Trojan activity, with the number of packages totaling\u00a0162,275, a 50% increase compared to the prior quarter.<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/gzHxjEAEKZ1ryfjFf8Tl\" data-type=\"interactive\" data-title=\"15 - EN - RU - PT-BR Malware report charts\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Number of installation packages for mobile banking Trojans detected by Kaspersky, Q1 2025 \u2014 Q1 2026 (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/17211445\/5-mobile-en-ru-pt-br-malware-report-charts.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<p>We saw a similar growth in the previous quarter, with banking Trojan volumes rising by 50% during that period as well. Various Mamont variants accounted for the absolute majority of packages and represented nearly every entry in the rankings of most frequent banking Trojans by affected user count.<\/p>\n<h3 id=\"top-10-mobile-bankers\">TOP 10 mobile bankers<\/h3>\n<table>\n<tbody>\n<tr>\n<td><strong>Verdict<\/strong><\/td>\n<td><strong>%* Q4\u00a02025<\/strong><\/td>\n<td><strong>%* Q1\u00a02026<\/strong><\/td>\n<td><strong>Difference in p.p.<\/strong><\/td>\n<td><strong>Change in ranking<\/strong><\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jo<\/td>\n<td>0.00<\/td>\n<td>15.75<\/td>\n<td>+15.75<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jx<\/td>\n<td>0.00<\/td>\n<td>9.22<\/td>\n<td>+9.22<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jg<\/td>\n<td>1.47<\/td>\n<td>7.08<\/td>\n<td>+5.61<\/td>\n<td>+24<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.gg<\/td>\n<td>6.79<\/td>\n<td>4.48<\/td>\n<td>-2.32<\/td>\n<td>-3<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.ks<\/td>\n<td>0.00<\/td>\n<td>3.98<\/td>\n<td>+3.98<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Agent.ws<\/td>\n<td>6.03<\/td>\n<td>3.78<\/td>\n<td>-2.25<\/td>\n<td>-2<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.hl<\/td>\n<td>4.30<\/td>\n<td>3.27<\/td>\n<td>-1.03<\/td>\n<td>+1<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.iv<\/td>\n<td>6.00<\/td>\n<td>3.08<\/td>\n<td>-2.92<\/td>\n<td>-3<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jb<\/td>\n<td>3.93<\/td>\n<td>3.07<\/td>\n<td>-0.86<\/td>\n<td>+1<\/td>\n<\/tr>\n<tr>\n<td>Trojan-Banker.AndroidOS.Mamont.jv<\/td>\n<td>0.00<\/td>\n<td>2.79<\/td>\n<td>+2.79<\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>* Unique users who encountered this malware as a percentage of all users of Kaspersky mobile security solutions who encountered banking threats.<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged. To [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[663,1031,90,662,747,667,744,745,748,664,670,1161,666,236,235],"tags":[91],"class_list":["post-3180","post","type-post","status-publish","format-standard","hentry","category-adware","category-app-store","category-cybersecurity","category-google-android","category-google-play","category-keenadu","category-malware-reports","category-malware-statistics","category-mamont","category-mobile-malware","category-mobile-threats","category-sparkcat","category-triada","category-trojan","category-trojan-banker","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>IT threat evolution in Q1 2026. Mobile statistics - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IT threat evolution in Q1 2026. Mobile statistics - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged. To [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-18T12:05:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"IT threat evolution in Q1 2026. Mobile statistics\",\"datePublished\":\"2026-05-18T12:05:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\"},\"wordCount\":1060,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Adware\",\"App Store\",\"Cybersecurity\",\"Google Android\",\"Google Play\",\"Keenadu\",\"Malware reports\",\"Malware Statistics\",\"Mamont\",\"Mobile Malware\",\"Mobile threats\",\"SparkCat\",\"Triada\",\"Trojan\",\"Trojan Banker\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\",\"name\":\"IT threat evolution in Q1 2026. Mobile statistics - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg\",\"datePublished\":\"2026-05-18T12:05:09+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage\",\"url\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg\",\"contentUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IT threat evolution in Q1 2026. Mobile statistics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IT threat evolution in Q1 2026. Mobile statistics - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/","og_locale":"en_US","og_type":"article","og_title":"IT threat evolution in Q1 2026. Mobile statistics - Imperative Business Ventures Limited","og_description":"IT threat evolution in Q1 2026. Mobile statistics IT threat evolution in Q1 2026. Non-mobile statistics In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged. To [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-05-18T12:05:09+00:00","og_image":[{"url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"IT threat evolution in Q1 2026. Mobile statistics","datePublished":"2026-05-18T12:05:09+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/"},"wordCount":1060,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg","keywords":["Cybersecurity"],"articleSection":["Adware","App Store","Cybersecurity","Google Android","Google Play","Keenadu","Malware reports","Malware Statistics","Mamont","Mobile Malware","Mobile threats","SparkCat","Triada","Trojan","Trojan Banker"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/","name":"IT threat evolution in Q1 2026. Mobile statistics - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg","datePublished":"2026-05-18T12:05:09+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#primaryimage","url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg","contentUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/05\/18111316\/malware-report-q1-2026-featured-image-990x400.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/05\/18\/it-threat-evolution-in-q1-2026-mobile-statistics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"IT threat evolution in Q1 2026. Mobile statistics"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=3180"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3180\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=3180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=3180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=3180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}