Keeping a close watch on mobile device fleets and corporate data is more critical than ever. In fact, 2025 saw an 85% increase in organizations reporting attacks on mobile devices, according to the Verizon 2025 Mobile Security Index. And Android malware alone has risen 67% year-over-year, highlighted in a 2025 report by Zscaler. Cybercriminals are just as active in 2026, and their tactics are growing increasingly sophisticated.
That puts the onus on organizations to stay a step (or several) ahead when it comes to mobile device security. The same goes for businesses employing mobile devices in the field. This starts with recognizing and understanding the threats already here and those on the horizon. Here are five emerging cyberattacks that are running up the red flags.
1. AI-driven social engineering
According to IT industry group ISACA, 2025 marked the first time AI-driven social engineering topped its list of critical threats, cited by 63% of its members and surpassing both ransomware and extortion attacks.
It’s not hard to understand why. Generative AI allows cybercriminals to easily spawn a near- limitless number of variations on messages that could dupe employees into handing over passwords and other credentials — even deepfakes that resemble real people. This activity not only happens via traditional channels, such as email, but in so-called “smishing” attacks that leverage SMS, “vishing” or voice phishing, and phishing using QR codes.
Samsung is helping organizations stay safe against phishing with on-device AI like its “Suspected Voice Phishing Call Alert,” which is included in One UI 8.0 running on the latest foldables Galaxy Z Fold7 and Galaxy Z Flip7. Another feature, Samsung Message Guard, automatically scans and isolates image files to prevent zero-click attacks that could install malware without user action.
2. API Exploitation
Organizations racing to adopt AI are leaning more heavily on integrations via application programming interfaces (API) to connect tools and solutions to their existing tech stack. This creates a larger attack surface for cybercriminals, which is why 69% of organizations call API-related fraud a serious issue, according to a 2025 report by Traceable.
The impact of generative AI could also lead to API data leakage and unauthorized access to sensitive data, including from AI agents.
Devices like the Galaxy Tab S11 Series help mitigate these risks by allowing organizations to store API keys and sensitive data in Knox Vault, a hardware-level security system that separates such data from the OS and main processor.
3. RatON
Near-field communication (NFC) has been a highly useful technology for making contactless payments, but 2026 will see it become more involved in security incidents. Some threat actors have already been waging NFC relay attacks, for instance, reading a victim’s card data off an infected device and sending it to another device that tricks a payment terminal into making a transaction on their behalf.
Now researchers have discovered RatON, which combines NFC relays with a remote access trojan (RAT) and an overlay attack to automate money transfers. The malware dropper has been discovered on the Google Play Store, and once installed, can request permission to download apps from third-party sources.
Samsung Galaxy devices can help avoid off threats like RatON via Knox Vault, Auto Blocker and Secure Boot, among other features.
4. 5G downgrades and interceptions
Businesses equip their employees with 5G mobile devices because they want them to enjoy strong, interrupted service no matter where they travel. However, researchers have discovered a technique that could allow attackers to target the pre-authentication phase where data passes between a tower and a smartphone, injecting them with messages or reading and modifying messages.
Dubbed SNI5GECT, this approach could let threat actors downgrade devices to 4G, where they could be vulnerable to interception, tracking or other security issues. Though these attacks are not currently happening in the wild, they illustrate a potential cybersecurity gap facing mobile device users.
These attacks would involve low-level firmware that can easily get overlooked by busy companies. Businesses that pair Galaxy devices with Knox Suite can leverage Knox E-FOTA to make firmware updates over-the-air, which limit the risks of firmware-based attacks.
5. Direct-to-cell data breaches
The sky above us is slowly becoming filled with low-orbit satellites, which promise enhanced connectivity without the need for traditional cell towers. However, the same technology could also pose new cybersecurity risks.
Cybersecurity experts have predicted direct-to-cell communications could let threat actors with minimal equipment conduct signal jamming and spoofing, man-in-the-middle attacks and impact supply chains before long. Disruptions could range from emergency services disruptions to business operations.
This is where the value of a defense-in-depth approach such as Knox comes to the fore. Devices like Galaxy Z Fold7, Z Flip7 and Tab S11 all feature layered security that includes strong encryption, real-time alerts and secure storage using features like Secure Folder.
Mobile threat defense is a must-have
It’s never easy to predict the path of future of cybersecurity attacks, but one thing is certain: a mobile threat defense strategy needs to encompass all parts and stages of the mobile ecosystem, including hardware, software and interfaces. Fortunately, Samsung is doing just that by building in advanced security features into its mobile devices.
Learn more about how Knox Suite Enterprise Plan can offer you full control of enterprise mobility management.
