Malware targeting Android users has nearly quadrupled since 2011. As you can see in the graph above, 10 Android malware families were detected in Q1 2011. This number increased for two quarters in a row, then dipped for one, and then finally settled at 37 in Q1 2012. That means a year-over-year growth of 270 percent.
The data comes from security firm F-Secure. The trend was revealed today in the company's 47-page Mobile Threat Report Q1 2012 (PDF). Here's the corresponding excerpt:
Since its debut, Android has quickly claimed significant market share in the mobile market. Unfortunately, such popularity (amongst other factors) makes Android a lucrative target for malware authors. New families and variants of malware keep cropping up each quarter, and this trend shows no sign of slowing down. In Q1 2011, 10 new families and variants were discovered. A year later, this number has nearly quadrupled with 37 new families and variants discovered in Q1 2012 alone. A comparison between the number of malicious Android application package files (APKs) received in Q1 2011 and in Q1 2012 reveals a more staggering find — an increase from 139 to 3063 counts. This growth in number can be attributed to malware authors crafting their infected or trojanized applications to defeat anti-virus signature detection, distributing their malware in different application names, and trojanizing widely popular applications.
It makes sense that both the number of malware families and malicious Android APKs is increasing, but it's still staggering to see that the latter number is now over 3,000, whereas last year it was just above 100.
The increase in malware numbers is indicative of a wider increase in mobile threats, according to F-Secure. Even more worrying, however, is that the Finnish security firm warned many of the apps are targeting Android users' financial data, noting that 34 of the current malware families are designed to steal money from infected smartphones.
"The most interesting malware trend over recent months has been the increase in Trojans that deliver on their promises," F-Secure analyst Sean Sullivan said in a statement. "This makes it harder for victims to know they have been victimised as there is less for them to detect."