Android app malware rates jump 40 percent

Android app malware rates jump 40 percent

Summary: A new report released by Trend Micro says that mobile malware rates are skyrocketing.

credit cnet

Mobile malware in the Android ecosystem has grown by over 40 percent in the past few months, researchers say.

A new report issued by Trend Micro (.pdf) says that high-risk, malicious app rates on the Google Android operating system rose to 718,000 at the end of the second quarter in comparison to 509,000 in the first quarter of this year.

The number of malicious Android apps in circulation surged by over 350,000 in this time period -- which originally took three years to reach when Google's Android operating system became established.

android malware ecosystem rise mobile threat security risk applications

The majority of malware discovered was packaged as fake, spoof or trojan-laden versions of popular applications. Almost half -- 44 percent -- were designed to subscribe unwitting downloaders to expensive services, and 24 percent were created to steal data. Adware-laden applications came in third at 17 percent.

android malware ecosystem rise mobile threat security risk applications

However, the researchers note that the discovery of the "master key" vulnerability in Android's security model was the most crucial revelation this year. Last month, a team from Bluebox Security found a vulnerability which could allow attacks to convert 99 percent of apps into a trojan -- which could then be used to steal data or connect to botnets without the user knowing.

Following the discovery, Duo Security and System Security Lab (NEU SecLab) released an app, ReKey, which they claim fixes the security flaw for you.

Screen Shot 2013-08-07 at 10.21.38

The United Arab Emirates was reported as the country with the highest rate of malicious app download volume at 13.79 percent. Myanmar and Vietnam came second and third. The United States and United Kingdom did not make the top ten list.

"The UAE recorded the highest malicious android app download volume, overtaking Myanmar, which placed first in the previous quarter," the report says. "Six new countries figured in this month's top 10, which may indicate an increase in mobile device use and/or attacks against such devices in these locations."

When analyzing the countries most vulnerable to privacy or data exposure, the report noted that "similar to last quarter, mobile users in Saudi Arabia downloaded the most number of high-risk apps. Vietnam placed second in light of the increasing mobile device use in the country."

According to Linda Barrabee, Research Director, Connected Intelligence at The NPD Group, approximately only 30 percent of all Android smartphones and tablets in the U.S., have any type of security app installed today. Coupled with the high rates of apps being added to the ecosystem every day worldwide, a large number of Android devices are likely to be exposed to risks -- and this trend is likely to continue in the future.

JD Sherry, vice president of technology and solutions at Trend Micro said:

"Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe. In some cases, users will never get patches as vendors leave their customers at risk of attack. Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly.

At the rate this malware is accelerating -- almost exponentially -- we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices."

Topics: Security, Android, Malware, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Windows Phone Beats Android For Fart Apps

    Not sure if that counts as "malware" or not ... perhaps "malodorousware" ...
    • Android = no malware, no viruses

      use just + watch the permissions before install and
      = no malware, no viruses

      so this article is jut a FUD
      • Android represents 94% of known mobile malware

        and yes it can be found in Googles app store. Google it.

        Likewise, why does a user need to watch the permissions an app requests? Perhaps it is because most android apps behave like malware with regards to user data and tracking>?

        Requiring a user to know what is safe and what isn't safe from the app store isn't a very good security model.
        • Facts VS FUD

          Firstly, the Trendmicro report does not state that the malware count is from the Google Playstore.

          In April 2013, Google removed 32 malicious apps from the Playstore. The apps were spread over 4 developer accounts all from Russia, and all were Russian Language apps.

          In March 2013, Google removed 21 malicious apps from the Playstore. All 21 were from developer account MYOURNET. Google removed them in 5 minutes after being reported by the Android Police site.

          How do these anti-malware operations like Trend Micro get malware counts?
          they get them from people installing their AV software and performing scans.
          Naturally, as more people install their wares and do more scans, the malware count goes up. Even their own report states that there is only ONE new malware in the top few that is actually new. They do not report their stats on number of scans, so we cannot correlate malware detected with scans performed to ascertain whether the 40% increase is due to increased scans or increasing malware instances per scan.

          How come there is no malware count for iOS?
          because you can't install AV software on non-jailbroken iOS devices. Apple doesn't allow it. Malware on iOS simply goes about it's business undetected.

          But Apple vets all Apps?
          Proof of concept malware has already bypassed Apple's vetting of apps.
          It remained live in the appstore for weeks until the white-hat developer reported it to Apple. Apple banned the developer instead of taking his advice on app store security.
        • you lie

          you lie + just search with google:
          "iPhones most vulnerable among smartphones"
          "Apple iOS Apps Leak More Personal Info Than Android"
          "40% of iOS popular apps invade your privacy without any permission"
          • Apparently it doesnt count

            Because Apple apps dont warn you first that youre about to leak your information.
            Also doesnt count because the second you register your ishit youre putting your information at risk.
      • While I agree I have to laugh at this argument

        How long did we have to listen to all the Apple haters going on and on about how great Android was because you could download apps from anywhere unlike on iOS devices. Yet once malware became a growing issue the story changed to it's your fault if you download from anywhere other than play. Not bashing Android, just the haters that can't make up their mind.
        • Android is like a car, iOS is like a train

          Android can go anywhere, as a result it can crash into a pole or a wall if you are not careful.
          iOS can only go where there are rails.
        • I still love being able to download software from sites other...

          than Google Play. It's just a matter of being careful and smart. It's an education issue. Still, I tend to only download from Google Play and Amazon Appstore. I love my one free app a day on Amazon.

          How do you like them Apples? LOL
          • I like them Apples just fine - great in fact!

            A fool and his Android are soon malware parted.
          • Nope.

            The only malware app ive ever had on any android device over the last 5 years was Google+. I removed it. As for where i get my apps from.... i get them from anywhere i like. But i dont just install anything on my phone. Im required to think about what im doing first. Which i have zero issue with.

            Using your brains = Not getting malware.
        • I call it freedom and responsibility....

          I call it freedom and responsibility....but do you need to be led? buy an iToy ;)
      • It's an end user education issue

        It's just like people who aren't educated about fishing emails for personal data. It's not surprising that the countries that install malware apps on their phones are from the Middle East and parts of Asia. These end users are the newcomers so they need to get educated on things like malware.

        A very simple way to avoid malware is to stick to the Google Play store and only download the software with high ratings and tens of thousands of downloads. The higher the number of downloads and the higher rating, the lower the chances that software will have malware.

        On Android you can start by downloading any of the Google apps you want. All the Google apps are fine.
    • Defend the Hive! Spin Mode initiated!

      "People are discovering that Android has a massive malware problem! How do we fix this"

      "Initiate Spin Mode! - deflect this as actually a Microsoft problem, or change the subject so the facts are no longer discussed!"

      And you honestly believe that will make the Android Malware suddenly disappear?
      William Farrel
      • Tin foil hats unite

        Seriously. I'm getting sick of these articles and the uneducated masses that they spawn. Android malware is real...IN CHINA. Most every bit of malware that exists either was born from or resides in China where they mostly do not have access to the Google Play store. Therefore they use 3rd party and illegal stores to gain access to virus/malware laden apps. This is not rocket science. Most of the phones and tablets out there have access to either Amazon's Android app store or Google's which rarely if ever carry these apps. The ones that don't get viruses. It's really that simple.
        • Are you so sure?

          1) go to google
          2) do a websearch for "google removes malware from play store"
          3) read the current articles about Google removing malware from the play store

          For that matter, most android apps behave like malware anyhow. Look at the permissions a simple free to play game asks for and explain why it needs those permissions.
          • As opposed to -

            Not being asked, not having to think first, and not having information stolen if you use some common sense.
            Apple doesnt do this. Youre not warned first. Not a good thing, because (quite rightly) apple realises the people that buy their devices are for the most part too stupid to understand that apps need permissions, and putting up warnings just panics stupid people that think for some reason that a linux based device surely shouldnt need permissions to do anything...

            My god you people are thick.
        • Really?

          Since when is the UAE in China? You are correct that users with access to Google Play and strictly use it are safer but we all know that if this were about Apple it wouldn't matter. If a small percentage of the malware was getting on jail broken phones downloading from Chinese sites Apple would be crucified and you would probably be leading the pack.
      • it hasn't worked for Microsoft, why would it work for Google?

        1. Windows has had way way way more security flaws than Android.
        3. Lots of windows malware infects you just by visiting a web page. No android malware can do that. It has to be installed by tricking gullible users. (most of whom are on the winpho platform anyway. :-) )

        your theory on Androids problems being unsolvable is invalid comparied to Mircrosofts. We don't even know how bad the situation is on Apple because they don't release figures or allow AV..
  • Sure.....

    This is the same crap story that comes out at least once a month. A "study", always by a company that is trying to sell a "security suite" for Android phones, announcing how bad the malware situation is on Android.

    718,00 malicous apps in the Play Store? Sure... And I'm guessing Trend Micro's 29.99 security suite will protect you from all of them, right?

    Conflict of interest and/or completely made up.