Android malware families nearly quadruple from 2011 to 2012

Android malware families nearly quadruple from 2011 to 2012

Summary: F-Secure has found that between Q1 2011 and Q1 2012, the number of Android malware families has increased from 10 to 37, and the number of malicious Android APKs has increased from 139 to 3,069.


Malware targeting Android users has nearly quadrupled since 2011. As you can see in the graph above, 10 Android malware families were detected in Q1 2011. This number increased for two quarters in a row, then dipped for one, and then finally settled at 37 in Q1 2012. That means a year-over-year growth of 270 percent.

The data comes from security firm F-Secure. The trend was revealed today in the company's 47-page Mobile Threat Report Q1 2012 (PDF). Here's the corresponding excerpt:

Since its debut, Android has quickly claimed significant market share in the mobile market. Unfortunately, such popularity (amongst other factors) makes Android a lucrative target for malware authors. New families and variants of malware keep cropping up each quarter, and this trend shows no sign of slowing down. In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled with 37 new families and variants discovered in Q1 2012 alone. A comparison between the number of malicious Android application package files (APKs) received in Q1 2011 and in Q1 2012 reveals a more staggering find — an increase from 139 to 3063 counts. This growth in number can be attributed to malware authors crafting their infected or trojanized applications to defeat anti-virus signature detection, distributing their malware in different application names, and trojanizing widely popular applications.

It makes sense that both the number of malware families and malicious Android APKs is increasing, but it's still staggering to see that the latter number is now over 3,000, whereas last year it was just above 100.

The increase in malware numbers is indicative of a wider increase in mobile threats, according to F-Secure. Even more worrying, however, is that the Finnish security firm warned many of the apps are targeting Android users' financial data, noting that 34 of the current malware families are designed to steal money from infected smartphones.

"The most interesting malware trend over recent months has been the increase in Trojans that deliver on their promises," F-Secure analyst Sean Sullivan said in a statement. "This makes it harder for victims to know they have been victimised as there is less for them to detect."

See also:

Topics: Mobile OS, Android, Google, Malware, Mobility, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Android

    One reason I won't touch it.
    • I'll Repeat this as many times as I have to

      Hmm, market apps stealing sh*t?, well the TERMS PAGE LISTS what the app has ACCESS TO; oh wait, you idiots NEVER READ the agree to terms page. So I guess it's totally google/android's fault then huh?...non-market apps? There's literally CHECKMARK BOX TO ALLOW INSTALLATION OF NON-MARKET APPS. It's YOUR own fault for being an idiot; dont blame the software for YOUR idiocy
      • All kinds of fail...

        It's just not right for you to be calling people idiots after you typed "YOU'RE" twice when you should've used "YOUR".

        An idiot is as an idiot does...
      • So, please tell me how to distinguish...

        ...real Mail, SMS or Note apps from malicious 3rd party Mail app or SMS app or Note app you download from Google Play and it turn out to be some kind of key logger or premium SMS sender, or just steal your mail data? This kind of software mimicry is not possible to avoid while reading "Terms page". Stop be an ass, it is a serious thing.
      • ah, my mistake

        Ah, thank you for catching my mistake. I tend to type too quickly for my own good :/
      • Why, exactly?


        And why would you need third-party mail/SMS apps from the market anyways, beyond maybe a couple of well-known ones like Go SMS? Android's own functions well enough.
      • Jbluna's "yours" were correct

        @furious00 and @Jbluna, the usage of "your" in "YOUR own fault" and "YOUR idiocy" in JBluna's original post were correct. "Your" is possessive, and "you" own the fault and the idiocy. "You're" is an abbreviation for "you are", and it would not make sense to say "you are own fault" or "you are idiocy".

        Having said that, a user may download an app thinking it is legitimate and therefore grant it the rights it asks for. That doesn't necessarily make him or her an idiot. I think one of the points in the article is that the app may have a legitimate function which works, so the user may never realise it is a trojan.
      • It's not hard...

        ... to avoid Android malware.
        1. Only use Google Play to download apps. Avoid sideloading apps unless it is from a trusted source.
        2. Do not download a new app in the app store. Wait and read comments from others. Only when an app has positive feedback from a lot of people should you even consider trying it. The rating system in Google Play works well not only for filtering out malware but also apps that are just cr4p.
        3. read the permissions requirement of the app when you install it. If you are not happy with the permissions request, quit the install.

        There really isn't a big malware problem in the Google appstore. They get deleted as people report them. Most of the Android malware comes from alternative appstores and people downloading it from torrents, peer-to-peer networks, and download sites. This is especially true of people who try to avoid paying for, eg. a game, and try to get a free copy which has been laden with malware.
        The driveby type malware hardly exist for Android for a simple reason. The OS itself will not allow formal install in a driveby attack. It has to be done via specific vunerabilities which varies from one Android to another.
        The HUGE variations in Android installs and hardware pretty much deters anyone trying to develop code that could be effective to a significant degree on lots of different Android installs.
        Unlike iOS where the environment is highly predictable for exploits thus making it a sitting duck for malware, Android is a moving target in comparison.
        Tread with caution by all means, but there is no need to panic about Android malware.
      • **I'll repeat this as many times as I have to**

        f someone does something foolish, tell them and let them make up their own mind. At least they were told the truth. Never use what you know as a club, it can only lead to anger. You may have read, as I have, what these Apps connect to chose to not allow it, but there are trusting people out there that believe the information accessed will not be used maliciously. Calling people "idiots" only shows the atmosphere were raise in, Jbluna, and I'm sorry that you had to live around such verbal abuse and without real family support.. unless of course, despite your parents efforts, you're just an ass.

        Yes folks, do take to time to read what information these Apps will access and take care not to allow them in anything personal and confidential, including your contacts, GPS and the likes. What ever you do, do not do online banking with you phone, it's a lot less secure than you think.
      • when google started messing with my android & private info; every time the.

        If you read the terms and so-called that GOogle presents to users its a joke! The Privacy Policy Is " BULLSHIT"! I told them that on the feedback page! Whenever I "Disobeyed" The MASTER GOOGLE! The TERMS & PRIVACY POLICY page would show on the page! I would always DECLINE!!! There was no way I'd agree to that lie! Not after getting to know the REAL GOOGLE!
    • Only Judge what you understand. In that case buy a non smartphone

      I guarantee you, DO NOT take Apples censorship as any form of security.

      No system can be protected from a user with install and execute priviledges.

      Linux runs over 70% of web servers, these are mainly secure and almost completely secure from "user installed" trojans, as are routers.

      Almost all routers and phones are out of date. Apple are slow to patch all their systems and browsers. Windows Phone is the worst supported with future compatibility and so most likely to be completely out of date. Google actually do well with patches and their own nexus ROMS, however providers like HTC and Sony promising timely updates and testing forever means phones are almost always attackable (I'm still waiting!). This means almost all phones and routers are and should be treated as completely insecure. We have email accounts that aren't allowed on phones. The GSM comms is also decryptable by the way. Phone Hacking, we haven't scratched the surface.

      Heck I could probably hack every router on my street except my own without pulling the power, if I wanted. I never have and wouldn't!. Sky even mandate legally that you must use their insecure router to ease troubleshooting.

      Once hacked I could install trojans on routers or phones. Idiot hackers hacking idiot users isn't worth talking about. If you see a free worms app pop up 1 hour ago, don't download it. Phones could probably do with an easier method of pin locking all app installs though and not just paid ones to protect trigger happy children etc.

      All systems are susceptible to obvious trojans, android actually has better scanners especially as the host OS is open source allowing better traps, that's almost irrelevent too. I'm far more worried about spyware with legitimate uses that you don't know what it's doing especially if it's closed source. You need to trust authors like Google inc. That's where further work needs doing for all phone OS in better identification and user trust sharing.

      Did you know you have to pay to be able to register apps on Google's own market. Maybe you should be blaming the banks for crap security and ID theft??? Of course, as I've said a hacker could install trojans on all phone OS anyway and especially a non trojaned app could.

      What we really want is an open source only linux repo (catalog) like linux desktops. Any other software that you generally won't need at all is a risk. Windows 7 desktop comes with nothing so anything past trusted authors/vendors is a risk the same as Android.
      • ...

        Stop spreading FUD about Windows Phone 7. It has actually been relatively well updated, and its phones have had a quicker update cycle than some of the Android devices out there.
  • A mess.

    I won't buy or recommend androd phones to anybody. This is purly based on the fact that any app can steal the owners personal information and contacts and the threat of malware.
    • I'll repeat this AS MANY TIMES AS I HAVE TO

      Hmm, market apps stealing sh*t?, well the TERMS PAGE LISTS WHAT THE APP AS ACCESS TO; oh wait, you idiots NEVER READ the agree to terms page. So I guess it's totally google/android's fault then huh?...non-market apps? There's literally CHECKMARK BOX TO ALLOW INSTALLATION OF NONMARKET APPS. It's YOU'RE own fault for being an idiot; dont blame the software for YOUR idiocy
      • Keep repeating as much as you like . . .

        Keep repeating as much as you like . . . it won't comfort those who are now having to clean up their own financial mess.
    • ?

      So then you also would not reccomend or use Apple or Windows powered phones or symbian or such as on all of these your general blanket statement means them also. What do you use just old brick phone correct?
    • the iAlternative?

      [quote]I won't buy or recommend androd phones to anybody. This is purly based on the fact that any app can steal the owners personal information and contacts and the threat of malware. [/quote]
      What's the alternative?
      Apple iOS system doesn't even let you know the app is going to access contact lists or stored data. iOS simply gives FULL ACCESS to ALL APPS without ANY NOTIFICATION. Any app could datamine the cr4p out of iPhone and the user would have no clue at all. Malware: it JUST WORKS!
      • Uhm…

        … warboat, I owned an iPhone 3G [which at the time was iOS v2.0 through to v4.2.1] and now I have the iPhone 4S [iOS 5]. In my experience, any iPhone app on my iPhone 3G could only access my contacts with my permission. To say it automatically does it without any notification basically tells me that you don't have any current, real world, experience with the iPhone. So, while I can't speak of iOS prior to v2.0, I can say that I've always been asked by an app if I wanted to grant permissions of any kind. The reason why I know this to be true was because I was rather happy to be asked if I wanted to share or not share data with others. Not that I had a lot of Apps that do this, because it was only for Apps like FoodSpotting, etc, where a person shares some inane data for others to see. But, I thought it was well thought out.

        I think the reason for this is that Apple has to test the app before allowing it to be sold at the store. So, you can't distribute an app like that through them. Which, again, makes sense to me that all distribution needs to happen through Apple. Just like others who advice people to only purchase Android Apps at Google Play. Testing the apps before distribution is what is going to allow for people to experience less exploits. Of course, this doesn't seem to be the case for Android/Google as we're starting to see quite a few exploits. If this was from Apps that people downloaded outside of Google Play, then I could understand the problem. But, if it comes from Apps that were download at Google Play, then perhaps they need to take a cue from Apple and do some QA on their end before allowing the distribution the App in question. That is, "IF" that is how the exploit is able to spread. Just saying.
  • Market Share Isn't the Cause Here

    Unlike the Windows to OS X case, the true cause of this is irresponsibility.

    Google's act of living the android market open to all is the major cause of this, and they need to get their sh*t together or they'll just have users switching to iOS and WP.

    I can guarantee that if google was strict with the Android Market regulations, a bit like cr_Apple, all these news about mobile malware will seize to exist and I might consider an Android phone as my next phone.
    • @MrElectrifyer

      Actually, Google do check for malware. Most Android malware comes from other sites. As long as you keep the "download from unknown" sites unchecked and only download stuff from Google and people you trust with your life, you should be quite safe. Also remember to apply common sense perhaps you should avoid installing that flash light application that want to peek into your address book.