Mobile malware in the Android ecosystem has grown by over 40 percent in the past few months, researchers say.
A new report issued by Trend Micro (.pdf) says that high-risk, malicious app rates on the Google Android operating system rose to 718,000 at the end of the second quarter in comparison to 509,000 in the first quarter of this year.
The number of malicious Android apps in circulation surged by over 350,000 in this time period -- which originally took three years to reach when Google's Android operating system became established.
The majority of malware discovered was packaged as fake, spoof or trojan-laden versions of popular applications. Almost half -- 44 percent -- were designed to subscribe unwitting downloaders to expensive services, and 24 percent were created to steal data. Adware-laden applications came in third at 17 percent.
However, the researchers note that the discovery of the "master key" vulnerability in Android's security model was the most crucial revelation this year. Last month, a team from Bluebox Security found a vulnerability which could allow attacks to convert 99 percent of apps into a trojan -- which could then be used to steal data or connect to botnets without the user knowing.
Following the discovery, Duo Security and System Security Lab (NEU SecLab) released an app, ReKey, which they claim fixes the security flaw for you.
The United Arab Emirates was reported as the country with the highest rate of malicious app download volume at 13.79 percent. Myanmar and Vietnam came second and third. The United States and United Kingdom did not make the top ten list.
"The UAE recorded the highest malicious android app download volume, overtaking Myanmar, which placed first in the previous quarter," the report says. "Six new countries figured in this month's top 10, which may indicate an increase in mobile device use and/or attacks against such devices in these locations."
When analyzing the countries most vulnerable to privacy or data exposure, the report noted that "similar to last quarter, mobile users in Saudi Arabia downloaded the most number of high-risk apps. Vietnam placed second in light of the increasing mobile device use in the country."
According to Linda Barrabee, Research Director, Connected Intelligence at The NPD Group, approximately only 30 percent of all Android smartphones and tablets in the U.S., have any type of security app installed today. Coupled with the high rates of apps being added to the ecosystem every day worldwide, a large number of Android devices are likely to be exposed to risks -- and this trend is likely to continue in the future.
JD Sherry, vice president of technology and solutions at Trend Micro said:
"Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe. In some cases, users will never get patches as vendors leave their customers at risk of attack. Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly.
At the rate this malware is accelerating -- almost exponentially -- we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices."