Malicious apps, mobile malware reaches 1 million mark

Summary:According to Trend Micro, there are over one million malicious applications currently up for download on the Android market.

There are over one million Android-based questionable and malicious applications in the wild, security researchers say.

In a blog post, Trend Micro's Gelo Abendan says that in 2012, over 700,000 malware and high-risk apps were found online. Due to Google's Android operating system expansion and popularity, the firm predicted that this number would reach the one million mark in 2013 as hackers sought to cash-in on Android and mobile devices.

The security firm's researchers say that this prediction has now come to pass.

According to Trend Micro Mobile App Reputation Service feedback, there are now over one million malware and high-risk applications in the wild. While mobile malware includes premium service abusers and risky apps may push advertisements that lead to dubious sites or replicate popular, legitimate apps in order to steal data or financial information, 75 percent of the examples found performed "outright malicious routines," while 25 percent "exhibit dubious routines," which include adware.

The researchers say that among mobile malware, FAKEINST and OPFAKE were discovered the most, claiming 34 percent and 30 percent of examples respectively. FAKEINST malware is generally disguised as legitimate applications, and are known to be premium service abusers -- sending costly text messages to services without a user's permission and incurring high costs as a result.

Rovio's Bad Piggies game, significant popularity among Android users, became part of a high-profile hijack by FAKEINST developers. Versions were created and released on Google Play right after the game's legitimate release. Although the clones were swiftly pulled, thousands of downloads took place. The malicious app asked for a number of extra permissions, including location, network communication, accounts, storage, phone call records, hardware controls and system tools.

OPFAKE is similar to FAKEINST, and also mimics legitimate apps -- but one variant, ANDROIDOS_OPFAKE.CTD, opens HTML files that ask users to download malicious files, as well as performing standard risky activities including premium service abuse.

On the high-risk application front, ARPUSH and LEADBLT lead the pack, accounting for 33 percent and 27 percent of the total number found. Both use adware and steal user information including operating system data, GPS location and IMEI -- the international code assigned to mobile devices.

The threat to mobile devices is not limited to personal data theft and adware, however. Trend Micro says that banking transactions performed on a smartphone or tablet are at increased risk, with the likes of FAKEBANK and FAKETOKEN malware threatening users.

Credit: Trend Micro

Topics: Security, Mobile OS, Mobility, Smartphones, Tablets, Developer


Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charli... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.