Global cybersecurity firm Kaspersky has warned of a growing threat from fake mobile apps that steal data and money from users in the Philippines.
These malicious applications, often called Trojan bankers, are designed to look and function like legitimate utilities, such as mobile banking apps, government service portals or e-wallets, Kaspersky said.
Once installed, these apps run silently in the background, intercepting personal data, manipulating transactions and enabling remote access to personal and financial information.
The malware works by posing as real apps or by overlaying fake login screens on top of genuine ones. In more advanced cases, attackers can inject malicious code to remotely control infected devices and conduct unauthorized transactions undetected.
In 2024, cybercriminals are increasingly focused on mobile platforms and cryptocurrency assets, according to Kaspersky’s new Financial Cyberthreats Report. The report showed that the number of users encountering mobile banking Trojans rose by 3.6 times in 2024 compared to 2023. Crypto-related phishing detections climbed by 83.4 percent.
“Cybercriminals are constantly refining their tactics, and fake mobile apps have become one of the most effective tools in their arsenal,” said Adrian Hia, Kaspersky’s managing director for Asia Pacific.
“These apps may seem legitimate, but once downloaded, they are capable of stealing banking credentials, bypassing security checks, and causing serious financial damage,” said Hia.
In the Philippines, where mobile-first financial services are expanding rapidly, users remain highly vulnerable to online scams. Kaspersky recorded 82,565 financial phishing attempts in the first half of 2024, compared with 59,115 in the first half of 2025.
Kaspersky also noted that ransomware activity remains a serious concern across Southeast Asia, despite a slight decline in overall infection rates between the first half of 2024 and the same period in 2025.
In the Philippines, ransomware detections dropped marginally from 0.24 percent in the first half of 2024 to 0.22 percent in the first half of 2025, signaling persistent threat activity.
