Why Samsung Phones Are Failing Emergency Calls In Australia
We’re taught how to call emergency numbers from a young age; whether it be 911 in the US, 999 in the UK, or 000 in Australia. The concept is simple—if you need aid from police, fire, or ambulance, you pick up a phone and dial and help will be sent in short order.
It’s a service many of us have come to rely on; indeed, it’s function can swing the very balance between life or death. Sadly, in Australia, that has come to pass, with a person dying when their Samsung phone failed to reach the Triple Zero (000) emergency line. It has laid bare an obscure technical issue that potentially leaves thousands of lives at risk.
Peril
Australia’s Triple Zero emergency service becoming a hot-button issue. September 2025 saw widespread failures of emergency calls on the Optus network, an incident that was tied to at least three deaths of those unable to reach help. A series of further isolated cases have drawn more attention to edge case failures that have prevented people from reaching emergency services.
A bigger potential issue with the Triple Zero service has since bubbled up with the increased scrutiny on the system’s operation. Namely, the fact that a huge swathe of older Samsung smartphones cannot be trusted to successfully call 000 in an emergency. The potential issue has been on the radar of telcos and authorities since at least 2024. Since then, on November 13 2025, an individual in Sydney passed away after their phone failed to dial the emergency line. Their phone was using a Lebara SIM card, as managed by TPG and using the Vodafone network, when the incident occurred. Subsequent investigation determined that the problem was due to issues already identified with a wide range of Samsung phones.
The issue surrounds the matter of Australia’s shutdown of 3G phone service, which took place from 2023 to 2024. If you had a 3G phone, it would no longer be able to make any calls after the networks were shut down. Common sense would suggest that phones with 4G and 5G connectivity would be fine going forward. However, there was a caveat. There were a number of phones sold that offered 4G or 5G data connections, but could not actually make phone calls on these networks. This was due to manufacturers failing to implement Voice-over-LTE (VoLTE) functionality required to carry voice calls over 4G LTE networks. Alternatively, in some cases, the 4G or 5G handset could make VoLTE calls, but would fail to make emergency calls in certain situations.
Communication Breakdown
It all comes down to the way voice calls work on 4G and 5G. Unlike earlier 2G and 3G cellular networks, 4G and 5G networks are data only. Phone calls are handled through VoLTE, which uses voice-over-IP technology, or using Voice over NR (VoNR) in a purely 5G environment. Either way, the system is a data-based, packet-switched method of connecting a phone call, unlike the circuit-switched methods used for 2G and 3G calling.
The problem with this is that while 2G and 3G emergency calls worked whenever you had a tower nearby, VoLTE calling is more complex and less robust. VoLTE standards don’t guarantee that a given handset will be interoperable with all LTE networks, particularly when roaming. A given handset might only like IPv4, for example, which may be fine in its home region on its regular carrier. However, when roaming, or when doing an emergency call, that handset might find itself only in range of a different network’s towers, which only like IPv6, and thus VoLTE calling will fail. There are any number of other configuration mismatches that can occur between a handset and a network that can also cause VoLTE calling to fail.
Usually, when you’re in range of your phone’s home network with a modern 4G or 5G handset, you won’t have any problems. Your phone will use its VoLTE settings profile to connect and the emergency call will go through. After all, older models with no VoLTE support have by and large been banned from networks already. However, the situation gets more complex if your home network isn’t available. In those cases, it will look to “camp on” to another provider’s network for connectivity. In this case, if the phone’s VoLTE settings aren’t compatible with the rival network, the call may fail to connect, and you might find yourself unable to reach emergency services.
Specifically, in the Australian case, this appears to affect a range of older Samsung phones. Testing by telecommunications company Telstra found that some of these phones were unable to make Triple Zero emergency calls when only the Vodafone network was available. These phones will happily work when a Telstra or Optus network is available, but fallback to the Vodafone network has been found to fail. Research from other sources has also identified that certain phones can reach Triple Zero when using Telstra or Optus SIM cards, but may fail when equipped with a Vodafone SIM.
For its part, Samsung has provided a list of models affected by the issue. Some older phones, mostly from 2016 and 2017, will need to be replaced, as they will not be updated to reliably make emergency calls over 4G networks. Meanwhile, newer phones, like the Galaxy S20+ and Galaxy S21 Ultra 5G, will be given software updates to enable reliable emergency calling. Telecom operators have been contacting users of affected phones, indicating they will need to replace or upgrade as necessary. Devices that are deemed to be unable to safely make emergency calls will be banned from Australian mobile networks 28 days after initial notification to customers.
Broader Problem
This issue is not limited to just Australia. Indeed, European authorities have been aware of issues with VoLTE emergency calling since at least 2022. Many phones sold in European markets are only capable of making emergency calls on 2G and 3G networks, and could fail to reach emergency services if only 4G connections are available. This issue was particularly noted to be a risk when roaming internationally, where a handset sold in one country may prove inoperable with VoLTE calling on a foreign network.
Some blame has been laid on the loose standardization of the VoLTE standard. Unlike 2G and 3G standards, global interoperability is pretty much non-existent when it comes to phone calls. This wasn’t seen as a big issue early on, as when 4G devices first hit the market, 2G and 3G phone networks were readily available to carry any voice calls that couldn’t be handled by VoLTE. However, with 2G and 3G networks shutting down, the lack of VoLTE standardization and interoperability between carriers has been laid bare.
While Australia is currently tangling with this issue, expect it to crop up in other parts of the world before long. Europe is currently working towards 2G and 3G shutdowns, as our other jurisdictions, and issues around roaming functionality still loom large for those taking handsets overseas. Ultimately, end users will be asking a very simple question. If 2G and 3G technologies could handle emergency calls on virtually any compatible network around the world, how did it go so wrong when 4G and 5G rolled around? Old networks existed as a crutch that avoided the issue for a time, but they were never going to last forever. It surely didn’t have to be this way.
Il nuovo video di Pasta Grannies: youtube.com/shorts/NZuG-sJSmqI
@Cucina e ricette
(HASHTAG)
Cucina e ricette reshared this.
Karsten Wildberger: Digitale Souveränität ganz, ganz wichtig – nur nicht bei Palantir
netzpolitik.org/2025/karsten-w…
Smart Bandage Leverages AI Model For Healing Purposes
If you get a small cut, you might throw a plastic bandage on it to help it heal faster. However, there are fancier options on the horizon, like this advanced AI-powered smart bandage.
Researchers at UC Santa Cruz have developed a proof-of-concept device called a-Heal, intended for use inside existing commercial bandages for colostomy use. The device is fitted with a small camera, which images the wound site every two hours. The images are then uploaded via a wireless connection, and processed with a machine learning model that has been trained to make suggestions on how to better stimulate the healing process based on the image input. The device can then follow these recommendations, either using electrical stimulation to reduce inflammation in the wound, or supplying fluoxetine to stimulate the growth of healthy tissue. In testing, the device was able to improve the rate of skin coverage over an existing wound compared to a control.
The long-term goal is to apply the technology in a broader sense to help better treat things like chronic or infected wounds that may have difficulty healing. It’s still at an early stage for now, but it could one day be routine for medical treatment to involve the use of small smart devices to gain a better rolling insight on the treatment of wounds. It’s not the first time we’ve explored innovative methods of wound care; we’ve previously looked at how treatments from the past could better inform how we treat in future.
Omnibus digitale: La Commissione UE vuole distruggere i principi fondamentali del GDPR
La Commissione europea ha pubblicato la sua proposta per il "Digital Omnibus". Le modifiche previste al GDPR ridurrebbero le tutele per i cittadini europei
mickey19 November 2025
Ecco il Digital Omnibus, la grande semplificazione: cosa cambia per Gdpr, AI
@Informatica (Italy e non Italy 😁)
Uscito il testo del Digital Omnibus, il primo grande intervento di semplificazione su regole digitali europee, con modifiche mirate al GDPR che toccano dato personale, ricerca scientifica, intelligenza artificiale e dati pseudonimizzati, nel tentativo di ridurre
Informatica (Italy e non Italy 😁) reshared this.
possibile.com/alberto-trentini…
L’immobilismo del governo Meloni non può essere tollerato, facciamo pressione, chiediamo che si attivi e adoperi ogni strumento diplomatico necessario alla sua liberazione.
L'articolo Alberto Trentini, dal governo un anno di silenzio intollerabile proviene da
possibile.com/druetti-marro-ca…
Il 20 novembre alle ore 16.00, presso la Sala Nassirya del Senato, si terrà la conferenza stampa “Io Coltivo: che fine ha fatto la proposta di legge
possibile.com/piantedosi-facci…
Chiediamo che il Governo abbandoni rinvii e ambiguità e si assuma la responsabilità di rendere l’Italia una democrazia più accessibile e inclusiva. Invitare al voto è importante; permettere davvero a tutte e tutti di votare lo è ancora di più.
L'articolo Piantedosi, faccia votare i fuorisede proviene da Possibile.
possibile.com/ahmad-salem-libe…
Salem è un ragazzo palestinese, da sei mesi detenuto in regime di alta sicurezza in un carcere della nostra regione per aver denunciato il genocidio che il suo popolo stava e sta subendo per mano di Israele.
L'articolo Ahmad Salem libero: la mobilitazione per la Palestina non è reato proviene da
In fondo, Nordio è stato sincero!
@Giornalismo e disordine informativo
articolo21.org/2025/11/in-fond…
Un grazie sincero al ministro Nordio che, mai come questa volta, ha parlato in modo sobrio, puntuale, senza ambiguità alcuna. Cosa c ‘é di male, ci ha fatto sapere a riprendere e attuare le cose buone del progetto di Licio Gelli, promotore di quella loggia che aveva tra i suoi
Giornalismo e disordine informativo reshared this.
possibile.com/basta-tagli-pres…
Oggi in piazza a Roma insieme a tanti amministratori e amministratrici da tutta Italia per partecipare al presidio organizzato da Alleanza Verdi e Sinistra che denuncia i tagli agli enti locali fatti dal governo Meloni.
L'articolo Basta tagli: al presidio AVS contro i tagli agli enti locali proviene da Possibile.
Cloudflare down, il problema è la fragilità delle infrastrutture critiche: ecco le soluzioni da adottare
@Informatica (Italy e non Italy 😁)
Il disservizio di Cloudfare è un down che si ripercuote su gran parte della Rete, perché l'azienda offre i servizi a un quinto dei siti web nel mondo (tra cui ChatGPT, X e Spotify). Ma la vera criticità
Informatica (Italy e non Italy 😁) reshared this.
Allarmi cyber, 80 attacchi al giorno contro l’Italia. Serve più difesa digitale
@Notizie dall'Italia e dal mondo
Non è più il tempo di soli sistemi anti missile o bunker sotto terra. La nuova guerra si combatte a colpi di attacchi ibridi al fine di destabilizzare le infrastrutture sociali di un Paese, per questa ragione va approntata una difesa digitale a 360 gradi non più
Notizie dall'Italia e dal mondo reshared this.
Attacco al Gruppo Ferrovie dello Stato e Almaviva SpA: cosa sappiamo sul data leak
@Informatica (Italy e non Italy 😁)
Un threat actor negli scorsi giorni ha rivendicato e diffuso online 2,3 TB di dati interni esfiltrati da infrastrutture che contengono documenti di Almaviva SpA e Gruppo FS. La nota di Almaviva: "immediatamente attivate le procedure di
reshared this
Mattarella sotto attacco, Gelli riabilitato da Nordio. Come reagire?
@Giornalismo e disordine informativo
articolo21.org/2025/11/mattare…
Ripetitività ossessiva di Teleradio Meloni sul cosiddetto ‘Caso Mattarella’, liquidato come ‘ridicolo’ dal Quirinale. Al contrario passata sotto silenzio l’incredibile,
Giornalismo e disordine informativo reshared this.
Poliversity - Università ricerca e giornalismo reshared this.
per chi si domandasse cos'è la scrittura asemica, due link rapidissimi:
it.wikipedia.org/wiki/Scrittur…
reshared this
Danimarca: crollano i socialdemocratici, a Copenaghen vince la sinistra
@Notizie dall'Italia e dal mondo
A Copenaghen ed in altre città della Danimarca crollano i socialdemocratici, puniti per la loro svolta a destra, e avanzano diversi partiti di sinistra più o meno radicale
L'articolo Danimarca: crollano i socialdemocratici, a Copenaghen vince la sinistra proviene da
Notizie dall'Italia e dal mondo reshared this.
La P2 continua ad accompagnare le sorti della nostra democrazia
@Giornalismo e disordine informativo
articolo21.org/2025/11/la-p2-c…
Probabilmente il ministro della Giustizia Carlo Nordio è l’unico magistrato a non conoscere il Piano di Rinascita Democratica di Licio Gelli. Eppure tra i tanti incarichi ricoperti da
Giornalismo e disordine informativo reshared this.
Truffe online sfruttano la condivisione schermo di WhatsApp: come difendersi
@Informatica (Italy e non Italy 😁)
Una nuova tattica ingannevole sta inducendo le persone a condividere lo schermo del proprio telefono durante una videochiamata su WhatsApp per rubare dati, identità e il loro denaro. Un meccanismo di truffa particolarmente efficace da cui è
Informatica (Italy e non Italy 😁) reshared this.
Cloudflare si scusa e spiega cos'è successo ieri: il peggior down dal 2019
Cloudflare ha spiegato la causa della grave interruzione globale dei servizi: una modifica alle autorizzazioni di un database ha generato file di configurazione corrotti nel sistema di Bot Management, mandando in crash i proxy e rendendo irraggiungib…Hardware Upgrade
Trump tra insulti e aggressività, gli attacchi a giornalisti e rivali
[quote]NEW YORK – Offese rivolte alle donne, alle persone con disabilità e anche ai suoi avversari. Gli insulti e le umiliazioni sembrano essere parte integrante della comunicazione del presidente degli…
L'articolo Trump tra insulti e aggressività, gli attacchi a giornalisti e rivali su
Manovra, si tratta. La Lega rilancia sulle pensioni. Ipotesi condono “largo” fino al 2025
Alle 16 il termine per l'indicazione degli emendamenti segnalati, cioè quelli per i quali i gruppi chiedono un esame in via prioritaria
L'articolo Manovra, si tratta. La Lega rilancia sulle pensioni. Ipotesi condono “largo” fino al 2025 su Lumsanews.
Trump tra insulti e aggressività, gli attacchi a giornalisti e rivali (Il Fatto del giorno)
[quote]a cura di Irene Di Castelnuovo
L'articolo Trump tra insulti e aggressività, gli attacchi a giornalisti e rivali (Il Fatto del giorno) su lumsanews.it/trump-tra-insulti…
Space&Underwater, il 3 dicembre la Conferenza a Roma. Tra gli speaker Samantha Cristoforetti
@Informatica (Italy e non Italy 😁)
Nel contesto geopolitico come affrontare e vincere le sfide per la Cybersecurity nello Spazio e nella Dimensione Subacquea? Sono due domìni sempre più strategici e interconnessi da cui dipendono sia la continuità delle transazioni
Informatica (Italy e non Italy 😁) reshared this.
Difesa comune, perché l’innovazione non è più un’opzione
@Notizie dall'Italia e dal mondo
L’incontro promosso da Sopra Steria Italia e dall’Ambasciata di Francia a Palazzo Farnese ha mostrato come la difesa europea stia vivendo una stagione in cui innovazione, governance dei dati e capacità industriali procedono insieme. La discussione tra istituzioni italiane e francesi, vertici militari e
Notizie dall'Italia e dal mondo reshared this.
Medici per i diritti umani denuncia uccisioni prigionieri di Gaza nelle carceri israeliane
@Notizie dall'Italia e dal mondo
Il rapporto, "Deaths of Palestinians in Israeli custody: enforced disappearances, systematic killings and cover-ups", descrive una macchina repressiva che con l’inizio dell'offensiva contro Gaza ha acquisito una violenza
Notizie dall'Italia e dal mondo reshared this.
Klimt da record, il ritratto di Elizabeth Lederer venduto per 236 milioni di dollari
[quote]NEW YORK – La produzione artistica di Gustav Klimt segna un nuovo primato. Il ritratto di Elizabeth Lederer, opera del pittore austriaco, è stato battuto da Sotheby’s per 236 milioni…
L'articolo Klimt da record, il ritratto di Elizabeth Lederer venduto per 236 milioni
Pioggia di droni russi Ucraina. Zelensky vola in Turchia, Mosca allontana un piano di pace
[quote]KIEV – Sale ancora il bilancio dei morti nel massiccio attacco russo di stanotte, 19 novembre, in Ucraina. Nella città di Ternopil il conteggio delle vittime è arrivato a sedici,…
L'articolo Pioggia di droni russi Ucraina. Zelensky vola in Turchia, Mosca
Caso Trentini, Tajani alla famiglia: “Lavoriamo senza sosta per la sua liberazione”
[quote]ROMA – “La famiglia Trentini deve sapere che lavoriamo e lavoreremo: non lo abbiamo dimenticato”. Risponde così il ministro degli Esteri Antonio Tajani alle critiche che la famiglia del cooperante…
L'articolo Caso Trentini, Tajani alla famiglia: “Lavoriamo senza sosta per
I mercati temono la bolla dell’IA dopo il monito di Google. Cresce l’attesa per la trimestrale Nvidia
Rischio di esplosione per la bolla dell'intelligenza. Mercati internazionali sotto pressione
L'articolo I mercati temono la bolla dell’IA dopo il monito di Google. Cresce l’attesa per la trimestrale Nvidia su Lumsanews.
IT threat evolution in Q3 2025. Mobile statistics
IT threat evolution in Q3 2025. Non-mobile statistics
The quarter at a glance
In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged.
To illustrate the differences between the reporting periods, we have also recalculated data for the previous quarters. Consequently, these figures may significantly differ from the previously published ones. However, subsequent reports will employ this new methodology, enabling precise comparisons with the data presented in this post.
The Kaspersky Security Network (KSN) is a global network for analyzing anonymized threat information, voluntarily shared by users of Kaspersky solutions. The statistics in this report are based on KSN data unless explicitly stated otherwise.
The quarter in numbers
According to Kaspersky Security Network, in Q3 2025:
- 47 million attacks utilizing malware, adware, or unwanted mobile software were prevented.
- Trojans were the most widespread threat among mobile malware, encountered by 15.78% of all attacked users of Kaspersky solutions.
- More than 197,000 malicious installation packages were discovered, including:
- 52,723 associated with mobile banking Trojans.
- 1564 packages identified as mobile ransomware Trojans.
Quarterly highlights
The number of malware, adware, or unwanted software attacks on mobile devices, calculated according to the updated rules, totaled 3.47 million in the third quarter. This is slightly less than the 3.51 million attacks recorded in the previous reporting period.
Attacks on users of Kaspersky mobile solutions, Q2 2024 — Q3 2025 (download)
At the start of the quarter, a user complained to us about ads appearing in every browser on their smartphone. We conducted an investigation, discovering a new version of the BADBOX backdoor, preloaded on the device. This backdoor is a multi-level loader embedded in a malicious native library, librescache.so, which was loaded by the system framework. As a result, a copy of the Trojan infiltrated every process running on the device.
Another interesting finding was Trojan-Downloader.AndroidOS.Agent.no, which was embedded in mods for messaging and other apps. It downloaded Trojan-Clicker.AndroidOS.Agent.bl onto the device. The clicker received a URL from its server where an ad was being displayed, opened it in an invisible WebView window, and used machine learning algorithms to find and click the close button. In this way, fraudsters exploited the user’s device to artificially inflate ad views.
Mobile threat statistics
In the third quarter, Kaspersky security solutions detected 197,738 samples of malicious and unwanted software for Android, which is 55,000 more than in the previous reporting period.
Detected malicious and potentially unwanted installation packages, Q3 2024 — Q3 2025 (download)
The detected installation packages were distributed by type as follows:
Detected mobile apps by type, Q2* — Q3 2025 (download)
* Changes in the statistical calculation methodology do not affect this metric. However, data for the previous quarter may differ slightly from previously published figures due to a retrospective review of certain verdicts.
The share of banking Trojans decreased somewhat, but this was due less to a reduction in their numbers and more to an increase in other malicious and unwanted packages. Nevertheless, banking Trojans, still dominated by Mamont packages, continue to hold the top spot. The rise in Trojan droppers is also linked to them: these droppers are primarily designed to deliver banking Trojans.
Share* of users attacked by the given type of malicious or potentially unwanted app out of all targeted users of Kaspersky mobile products, Q2 — Q3 2025 (download)
* The total may exceed 100% if the same users experienced multiple attack types.
Adware leads the pack in terms of the number of users attacked, with a significant margin. The most widespread types of adware are HiddenAd (56.3%) and MobiDash (27.4%). RiskTool-type unwanted apps occupy the second spot. Their growth is primarily due to the proliferation of the Revpn module, which monetizes user internet access by turning their device into a VPN exit point. The most popular Trojans predictably remain Triada (55.8%) and Fakemoney (24.6%). The percentage of users who encountered these did not undergo significant changes.
TOP 20 most frequently detected types of mobile malware
Note that the malware rankings below exclude riskware and potentially unwanted software, such as RiskTool or adware.
| Verdict | %* Q2 2025 | %* Q3 2025 | Difference in p.p. | Change in ranking |
| Trojan.AndroidOS.Triada.ii | 0.00 | 13.78 | +13.78 | |
| Trojan.AndroidOS.Triada.fe | 12.54 | 10.32 | –2.22 | –1 |
| Trojan.AndroidOS.Triada.gn | 9.49 | 8.56 | –0.93 | –1 |
| Trojan.AndroidOS.Fakemoney.v | 8.88 | 6.30 | –2.59 | –1 |
| Backdoor.AndroidOS.Triada.z | 3.75 | 4.53 | +0.77 | +1 |
| DangerousObject.Multi.Generic. | 4.39 | 4.52 | +0.13 | –1 |
| Trojan-Banker.AndroidOS.Coper.c | 3.20 | 2.86 | –0.35 | +1 |
| Trojan.AndroidOS.Triada.if | 0.00 | 2.82 | +2.82 | |
| Trojan-Dropper.Linux.Agent.gen | 3.07 | 2.64 | –0.43 | +1 |
| Trojan-Dropper.AndroidOS.Hqwar.cq | 0.37 | 2.52 | +2.15 | +60 |
| Trojan.AndroidOS.Triada.hf | 2.26 | 2.41 | +0.14 | +2 |
| Trojan.AndroidOS.Triada.ig | 0.00 | 2.19 | +2.19 | |
| Backdoor.AndroidOS.Triada.ab | 0.00 | 2.00 | +2.00 | |
| Trojan-Banker.AndroidOS.Mamont.da | 5.22 | 1.82 | –3.40 | –10 |
| Trojan-Banker.AndroidOS.Mamont.hi | 0.00 | 1.80 | +1.80 | |
| Trojan.AndroidOS.Triada.ga | 3.01 | 1.71 | –1.29 | –5 |
| Trojan.AndroidOS.Boogr.gsh | 1.60 | 1.68 | +0.08 | 0 |
| Trojan-Downloader.AndroidOS.Agent.nq | 0.00 | 1.63 | +1.63 | |
| Trojan.AndroidOS.Triada.hy | 3.29 | 1.62 | –1.67 | –12 |
| Trojan-Clicker.AndroidOS.Agent.bh | 1.32 | 1.56 | +0.24 | 0 |
* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky mobile solutions.
The top positions in the list of the most widespread malware are once again occupied by modified messaging apps Triada.ii, Triada.fe, Triada.gn, and others. The pre-installed backdoor Triada.z ranked fifth, immediately following Fakemoney – fake apps that collect users’ personal data under the guise of providing payments or financial services. The dropper that landed in ninth place, Agent.gen, is an obfuscated ELF file linked to the banking Trojan Coper.c, which sits immediately after DangerousObject.Multi.Generic.
Region-specific malware
In this section, we describe malware that primarily targets users in specific countries.
| Verdict | Country* | %** |
| Trojan-Dropper.AndroidOS.Hqwar.bj | Turkey | 97.22 |
| Trojan-Banker.AndroidOS.Coper.c | Turkey | 96.35 |
| Trojan-Dropper.AndroidOS.Agent.sm | Turkey | 95.10 |
| Trojan-Banker.AndroidOS.Coper.a | Turkey | 95.06 |
| Trojan-Dropper.AndroidOS.Agent.uq | India | 92.20 |
| Trojan-Banker.AndroidOS.Rewardsteal.qh | India | 91.56 |
| Trojan-Banker.AndroidOS.Agent.wb | India | 85.89 |
| Trojan-Dropper.AndroidOS.Rewardsteal.ab | India | 84.14 |
| Trojan-Dropper.AndroidOS.Banker.bd | India | 82.84 |
| Backdoor.AndroidOS.Teledoor.a | Iran | 81.40 |
| Trojan-Dropper.AndroidOS.Hqwar.gy | Turkey | 80.37 |
| Trojan-Dropper.AndroidOS.Banker.ac | India | 78.55 |
| Trojan-Ransom.AndroidOS.Rkor.ii | Germany | 76.90 |
| Trojan-Dropper.AndroidOS.Banker.bg | India | 75.12 |
| Trojan-Banker.AndroidOS.UdangaSteal.b | Indonesia | 75.00 |
| Trojan-Dropper.AndroidOS.Banker.bc | India | 74.73 |
| Backdoor.AndroidOS.Teledoor.c | Iran | 70.33 |
* The country where the malware was most active.
** Unique users who encountered this Trojan modification in the indicated country as a percentage of all Kaspersky mobile security solution users attacked by the same modification.
Banking Trojans, primarily Coper, continue to operate actively in Turkey. Indian users also attract threat actors distributing this type of software. Specifically, the banker Rewardsteal is active in the country. Teledoor backdoors, embedded in a fake Telegram client, have been deployed in Iran.
Notable is the surge in Rkor ransomware Trojan attacks in Germany. The activity was significantly lower in previous quarters. It appears the fraudsters have found a new channel for delivering malicious apps to users.
Mobile banking Trojans
In the third quarter of 2025, 52,723 installation packages for mobile banking Trojans were detected, 10,000 more than in the second quarter.
Installation packages for mobile banking Trojans detected by Kaspersky, Q3 2024 — Q3 2025 (download)
The share of the Mamont Trojan among all bankers slightly increased again, reaching 61.85%. However, in terms of the share of attacked users, Coper moved into first place, with the same modification being used in most of its attacks. Variants of Mamont ranked second and lower, as different samples were used in different attacks. Nevertheless, the total number of users attacked by the Mamont family is greater than that of users attacked by Coper.
TOP 10 mobile bankers
| Verdict | %* Q2 2025 | %* Q3 2025 | Difference in p.p. | Change in ranking |
| Trojan-Banker.AndroidOS.Coper.c | 13.42 | 13.48 | +0.07 | +1 |
| Trojan-Banker.AndroidOS.Mamont.da | 21.86 | 8.57 | –13.28 | –1 |
| Trojan-Banker.AndroidOS.Mamont.hi | 0.00 | 8.48 | +8.48 | |
| Trojan-Banker.AndroidOS.Mamont.gy | 0.00 | 6.90 | +6.90 | |
| Trojan-Banker.AndroidOS.Mamont.hl | 0.00 | 4.97 | +4.97 | |
| Trojan-Banker.AndroidOS.Agent.ws | 0.00 | 4.02 | +4.02 | |
| Trojan-Banker.AndroidOS.Mamont.gg | 0.40 | 3.41 | +3.01 | +35 |
| Trojan-Banker.AndroidOS.Mamont.cb | 3.03 | 3.31 | +0.29 | +5 |
| Trojan-Banker.AndroidOS.Creduz.z | 0.17 | 3.30 | +3.13 | +58 |
| Trojan-Banker.AndroidOS.Mamont.fz | 0.07 | 3.02 | +2.95 | +86 |
* Unique users who encountered this malware as a percentage of all Kaspersky mobile security solution users who encountered banking threats.
Mobile ransomware Trojans
Due to the increased activity of mobile ransomware Trojans in Germany, which we mentioned in the Region-specific malware section, we have decided to also present statistics on this type of threat. In the third quarter, the number of ransomware Trojan installation packages more than doubled, reaching 1564.
| Verdict | %* Q2 2025 | %* Q3 2025 | Difference in p.p. | Change in ranking |
| Trojan-Ransom.AndroidOS.Rkor.ii | 7.23 | 24.42 | +17.19 | +10 |
| Trojan-Ransom.AndroidOS.Rkor.pac | 0.27 | 16.72 | +16.45 | +68 |
| Trojan-Ransom.AndroidOS.Congur.aa | 30.89 | 16.46 | –14.44 | –1 |
| Trojan-Ransom.AndroidOS.Svpeng.ac | 30.98 | 16.39 | –14.59 | –3 |
| Trojan-Ransom.AndroidOS.Rkor.it | 0.00 | 10.09 | +10.09 | |
| Trojan-Ransom.AndroidOS.Congur.cw | 15.71 | 9.69 | –6.03 | –3 |
| Trojan-Ransom.AndroidOS.Congur.ap | 15.36 | 9.16 | –6.20 | –3 |
| Trojan-Ransom.AndroidOS.Small.cj | 14.91 | 8.49 | –6.42 | –3 |
| Trojan-Ransom.AndroidOS.Svpeng.snt | 13.04 | 8.10 | –4.94 | –2 |
| Trojan-Ransom.AndroidOS.Svpeng.ah | 13.13 | 7.63 | –5.49 | –4 |
* Unique users who encountered the malware as a percentage of all Kaspersky mobile security solution users attacked by ransomware Trojans.
securelist.com/malware-report-…
Studente accoltellato a Milano, la gang intercettata: “Speriamo schiatti, così non parla”
[quote]MILANO – “Magari quel cog…ne è ancora in coma, domani schiatta e ti danno omicidio. Ma speriamo, almeno non parla. Io gli stacco tutti i cavi”. Sono alcune delle parole intercettate dalla…
L'articolo Studente accoltellato a Milano, la gang intercettata: