Lookout Q3 2025 Mobile Threat Landscape Report Reveals Rapidly Rising Business Risk

BOSTON--(BUSINESS WIRE)--Lookout, Inc., the leader in mobile threat defense, today released the Lookout Mobile Threat Landscape Report for Q3 2025, revealing that mobile risk has transitioned from episodic to a persistent, structural exposure for enterprises. The report highlights how threat actors are increasingly relying on scalable mobile‑first tactics, including social engineering, phishing, and credential theft, to breach enterprise defenses and gain access to sensitive corporate data. These findings reinforce that mobile devices — the gateways to business risk — must be central to any modern enterprise security strategy.

The Lookout Mobile Threat Landscape Report is based on analysis from the Lookout Security Cloud, which draws on billions of data points across devices, apps, and web activity to identify and stop mobile threats. For Q3 2025, Lookout observed over 1.2 million enterprise‑focused phishing and malicious web attacks and consistently elevated global encounter rates of nearly 13% across devices, underscoring mobile’s role as a primary initial access vector into corporate systems. The data also shows that iOS devices experienced significantly higher phishing encounter rates than Android devices, reflecting enterprise usage patterns and attacker focus on identity‑based exploitation.

“In today’s digital enterprise, mobile devices are no longer peripheral; they’re the gateways to business risk, with access to collaboration platforms, and cloud applications,” said Christoph Hebeisen, director of security intelligence research at Lookout. “Attackers are exploiting mobile workflows at scale — often without delivering malware at the outset — and effective defense demands comprehensive visibility and mobile‑first threat intelligence.”

Lookout data for Q3 2025 also reveals:

• Mobile phishing and social engineering have become structurally elevated threats, with attackers exploiting legitimate authentication and messaging workflows rather than relying solely on malware.
• iOS devices showed a materially higher phishing encounter rate than Android, driven by their common assignment to executives and high‑value enterprise users.
• Mobile device management (MDM) reduces risk modestly but does not fully prevent phishing exposure, particularly on widely used messaging platforms.
• Browser and app vulnerabilities continue to be exploited, with delayed patch adoption creating persistent exposure across mobile environments.
• More than 71,000 malicious apps were detected on enterprise devices in Q3 2025, illustrating the ongoing presence of covert surveillance and data‑theft tooling.

The Evolution of the Modern Attack Surface and Enterprise Security Strategy

Lookout’s Q3 2025 findings illustrate that mobile risk signals often appear earliest in the attack lifecycle — from credential capture to identity abuse — before threats advance into core enterprise systems. As attackers weaponize AI to scale social engineering and target trusted mobile communication channels, traditional endpoint‑focused defenses are increasingly blind to these critical signals. Modern security strategies must therefore integrate mobile telemetry and threat intelligence to detect early indicators of compromise and adapt to an evolving mobile attack surface.

About Lookout Threat Lab

Lookout Threat Lab analyzes proprietary telemetry and AI‑driven insights to equip security operations teams with the intelligence needed to identify and mitigate emerging mobile threats. By continuously monitoring devices, apps, and network interactions, Lookout delivers real‑time protection against phishing, malware, and advanced mobile‑based attacks that target today’s enterprise environments.

About Lookout

Lookout is the recognized leader in mobile security, trusted by governments, enterprises, and small businesses worldwide. The company pioneered the mobile security industry in 2009 and has built the largest and most advanced dataset in the market, protecting over 235 million devices and analyzing over 400 million apps. Powered by AI-driven mobile threat intelligence and supported by a world-class research team, Lookout delivers unmatched protection and proactive threat detection.

As mobile devices become the primary gateway to business risk, organizations face growing blind spots. Traditional security tools leave SOC teams without critical visibility into mobile risks, rendering them vulnerable to sophisticated cross-platform social engineering attacks. Lookout’s Mobile EDR closes this gap by providing real-time threat detection, investigation, and response, enabling security teams to stay ahead of evolving threats and keep their organizations safe. To learn more, visit www.lookout.com and follow Lookout on our blog, LinkedIn and X.

© 2025 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.