“Mobile devices are now a primary gateway to corporate data, but during travel, they’re also the most vulnerable,” said Kern Smith, VP of Global Solutions at Zimperium. “Unsecured Wifi, phishing disguised as travel alerts, and risky sideloaded apps are creating an ideal attack surface for cyber criminals—especially in peak travel months.”

Global hotspots and rising U.S. threats

Zimperium researchers have identified significant spikes in mobile malware activity across Southeast Asia, with Vietnam, Malaysia, and the Philippines experiencing some of the highest infection volumes. Notably, Luxembourg has emerged as a global outlier with elevated mobile malware targeting international travelers and corporate devices.

In the U.S., major cities like Los Angeles, New York, Portland, Miami, and Seattle are now seeing increased levels of mobile threats, driven by high numbers of business and vacation travellers, high mobile usage, and widespread unsecured network access. For enterprises with mobile workforces, this trend represents a growing risk of data exposure and potential breach.

Mobile threats amplified by travel

According to the Zimperium 2025 Global Mobile Threat Report, attackers are actively shifting to a mobile-first attack strategy. The most common threats facing travelling employees include:

• Man-in-the-Middle (MiTM) Attacks via public or rogue Wifi

• Phishing disguised as travel alerts, such as fake itineraries or boarding passes

• Risky sideloaded apps downloaded during travel

• Captive portals collecting emails or phone numbers, increasing phishing risk

“These are not hypothetical threats. They’re happening now, and they’re hitting devices that may lack even basic protection,” said Kern Smith.

Call to action for enterprises

Zimperium urges organisations to ensure visibility into all mobile endpoints, enforce device compliance, and block connections to unsecured networks. Businesses are encouraged to adopt enterprise-grade mobile threat defence to protect employee devices during travel.