The amount of malicious Android apps will reach 1 million specimens in 2013, if predictions from Trend Micro's annual security report are to be believed. The Japanese security company announced that in 2012 they detected 350,000 "malicious and high-risk Android app samples", which was a significant increase over the paltry 1,000 apps detected in 2011, but they expect to detect a further 650,000 pieces of malware in the upcoming year.
What took the Windows malware market 14 years to achieve, Android has managed in just three years. Trend Micro reports that the same kind of threats seen in the early PC malware days are being seen in Android today, including aggressive adware that sells user data, as well as premium service abusers that send expensive premium SMS messages to recoup monthly fees. In 2012, 605 Android malware families were detected, and this is expected to grow in 2013.
Premium service abusers were the most abundant threats in 2012, with adware, data stealers and malicious downloaders also topping the charts with significant figures. Most Android malware is disguised as a popular app, tricking unsuspecting users into downloading it before proceeding on their malicious paths; Trend Micro found rouge versions of popular apps such as Bad Piggies, Angry Birds Space and Instagram among others.
Interestingly - and quite rightly - Trend Micro includes aggressive ad networks as part of their malware count, with any app that gathers user data without notification, or pushes adverts through notifications, being marked as adware. They say the "aggressive display of ads is reminiscent of Windows adware, which have been plaguing desktops and laptops and annoying users with pop-up messages."
In 2013, Trend Micro predicts a range of new types of malicious Android attacks, which include:
- New delivery methods including abusing social networking apps and synced accounts
- QR code abuse
- Combined mobile/desktop attacks, particularly targeting online banking
- More rootkits for avoiding malware detection
- Abusing new payment methods including NFC
The company also has advice for people wanting to protect their devices from attacks, which includes using built-in security methods, reading app permissions and potentially investing in a security app, which Trend Micro just so happens to make.
Source: Trend Micro (PDF) | Graphs from Trend Micro's report