Android malware to reach 1 million cases in 2013

The amount of malicious Android apps will reach 1 million specimens in 2013, if predictions from Trend Micro's annual security report are to be believed. The Japanese security company announced that in 2012 they detected 350,000 "malicious and high-risk Android app samples", which was a significant increase over the paltry 1,000 apps detected in 2011, but they expect to detect a further 650,000 pieces of malware in the upcoming year.

What took the Windows malware market 14 years to achieve, Android has managed in just three years. Trend Micro reports that the same kind of threats seen in the early PC malware days are being seen in Android today, including aggressive adware that sells user data, as well as premium service abusers that send expensive premium SMS messages to recoup monthly fees. In 2012, 605 Android malware families were detected, and this is expected to grow in 2013.

Premium service abusers were the most abundant threats in 2012, with adware, data stealers and malicious downloaders also topping the charts with significant figures. Most Android malware is disguised as a popular app, tricking unsuspecting users into downloading it before proceeding on their malicious paths; Trend Micro found rouge versions of popular apps such as Bad Piggies, Angry Birds Space and Instagram among others.

Interestingly - and quite rightly - Trend Micro includes aggressive ad networks as part of their malware count, with any app that gathers user data without notification, or pushes adverts through notifications, being marked as adware. They say the "aggressive display of ads is reminiscent of Windows adware, which have been plaguing desktops and laptops and annoying users with pop-up messages."

In 2013, Trend Micro predicts a range of new types of malicious Android attacks, which include:

  • New delivery methods including abusing social networking apps and synced accounts
  • QR code abuse
  • Combined mobile/desktop attacks, particularly targeting online banking
  • More rootkits for avoiding malware detection
  • Abusing new payment methods including NFC

The company also has advice for people wanting to protect their devices from attacks, which includes using built-in security methods, reading app permissions and potentially investing in a security app, which Trend Micro just so happens to make.

Source: Trend Micro (PDF) | Graphs from Trend Micro's report

Report a problem with article
Previous Story

Tim Cook: iPads are going after the Windows PC market

Next Story

Microsoft: "Nothing to share" on plans for a Super Bowl TV ad

30 Comments

Commenting is disabled on this article.

....really going to bring the windows markets time span into this? by the time android came out people were already proficient in programming and understanding attacks ... you cannot compare the time spans, doubt you can even efficiently count the cases in the windows share of the malware cases

SPEhosting said,
....doubt you can even efficiently count the cases in the windows share of the malware cases

Yes, malware for windows is really a 'big data' problem now.

With more freedom comes less security, its pretty simple. iOS you are free to do nothing, so there is little risk, Android you are free to do anything (if you so choose) so there can be risk,

Its a trade off I am willing to take because I hate closed, un-configurable software.

Sonne said
With more freedom comes less security, its pretty simple. iOS you are free to do nothing, so there is little risk, Android you are free to do anything (if you so choose) so there can be risk
I believe that if Google is really tried hard enough, they could make it a lot more secure while retaining the same freedom of customization.

Sonne said
Its a trade off I am willing to take because I hate closed, un-configurable software.
My iPod is jailbroken and I love it. I too cannot live in a closed environment. Maybe it's because I'm a geek and I know what these devices can really do, once they're unlocked. I can also see average users not caring about jalibreaking their devices because they like it just the way it is.

i got android, played with it for a week or two, now all i do with it is listen to music, read books, write sms and talk to people... no malware for me, only for those who install every new app they see.. apps are boring, unless they are useful, but they can still be boring

It seems that people are confusing Rogue/Scam Apps with real Malware. Infections on Android are impossible due to the very structure of the Dalvik VM. Whatever rogue App running stays confined in the VM, it cannot have access to low level system files and cannot cause any damage. Period.

adware as malware eh?

then how about apps thas using "Microsoft Advertising SDK" should that also classified as malware too?

Indeed, there's a big difference between adware and something *malicious*. You can't lump them together like this.

I don't like adware, of course - but calling it malicious is just fear-mongering.

Kirkburn said,
I don't like adware, of course - but calling it malicious is just fear-mongering.

Tell that to someone who goes from 8hr battery life on their smartphone to < 2h due to adware.
To a consumer, that's malice.

No, that's not malice, that's poor programming. It's quite obviously not the point of adware to reduce battery life, it has the opposite of the intended effect (dead phones can't show ads!).

Not sure how this is a surprise.. easy to root, easy to download software, some people are easy to trick or are careless. Three ingredients for easy malware infections, OS is irrelevant. Throw on a majority market share, and presto, big numbers. The malware goes where the uses are just like always.

Max Norris said,
Not sure how this is a surprise.. easy to root, easy to download software, some people are easy to trick or are careless. Three ingredients for easy malware infections, OS is irrelevant. Throw on a majority market share, and presto, big numbers. The malware goes where the uses are just like always.

So you can write a virus for my WP8?

Colin McGregor said,
So you can write a virus for my WP8?

You tell me. Is your device easy to root, can you easily install third party software without going through the store, and are you dumb enough to install a random file I mail you? It boils down to the same thing.. user carelessness and ease of access to the underlying system.

nekkidtruth said,
Android user since 2011 here. Three phones in and I'm still waiting for said "malware".

I haven't seen anything, as long as you don't go downloading random .apk files from sites and install every single free fart app you're fine.

nekkidtruth said,
Android user since 2011 here. Three phones in and I'm still waiting for said "malware".

Never seen it either. Download from random sites, then do so at your risk. Click on random links, same thing.

Major Plonquer said,
How do you know you don't have malware on board? There's virtually no way to check.

I hate seeing this question, because it implies that most malware is invisible. Hint: It's not.

SharpGreen said,

I hate seeing this question, because it implies that most malware is invisible. Hint: It's not.

A lot of it it is pretty hard to discover. Other things that steal data are impossible to detect. So for all the people who say they've never encountered this stuff, they don't even know if they have.

Android is kind of like Windows though. It's secure (maybe not as secure as something like Win 8) but the only real way you're going to get anything is from downloading .apk's from random sites. Same with Windows and downloading .exe's, but atleast Win 8 will warn you and comes with built in AV and SmartScreen filter.

There have been more than a few cases of malware and stuff getting on to the Android store though. Google are not as vigorous at checking as Apple and Microsoft.

Major Plonquer said,
How do you know you don't have malware on board? There's virtually no way to check.

Its called knowing what to do and what not to do on your device. Same with my computer, no malware for over a decade.

So that is how I know I am not infected. Number one cause of infections is user stupidity.

1Pixel said,
Android is kind of like Windows though.

More like Win 9x kernel level in terms of security.

thenetavenger has posted many times there are ways to compromise Android without using unverified APKs.

This is a serious threat, and those who say, "it's never happened to me" are just as bad as the windows fanboys in the 90s before blaster and nimda.

When it happens, it will cause a global ****storm.