Android Malware Report – May 2012
With spring in its final days, it’s time to look at some of the freshly planted creepy crawlies that be awaiting harvest on our Android phones. A look at Android malware stats for the month of May show some new threats creeping up in our pie chart as well as some old pests, such as Android.Trojan.FakeDoc.A, Android.Exploit.RATC.A, and Android.Exploit.GingerBreak.A.
The newest contender to first place is Android.Adware.Mulad.A, a crafty adware that managed to sneak into 29.89% of the Android devices in our analysis pool.
Closely followed by “Battery Doctor” (also known as Android.Trojan.FakeDoc.A) with a 23.37% infection rate, we’re left to conclude that either awareness of this Trojan is still pretty low or people simply don’t mind having their devices pried into. Not only have we covered its existence in our Q1 malware report, but we’ve also seen it lead April’s malware chart.
Android.Exploit.RATC.A, Android.Exploit.GingerBreak.A, and Android.Exploit.Exploid.B have all fallen one position compared to last month’s report, which is understandable since a new adware leads the threat list. These types of exploits will undoubtedly show up in our stats for months to come. As long as people are willing to root their devices, they’ll almost certainly still be harvesting them come autumn.
Although Android.Hacktool.Faceniff.A occupies the same sixth place, it does however affect only 2.38% of devices, compared to last month’s 3.19%. Statistically speaking, the difference is negligible and having it constantly poking us is a matter of inconvenience rather than a serious threat.
Worth mentioning is a second adware (Android.Adware.Wallap.A) which, although ranked seventh in our chat, proves that adware is definitely on the rise. We’d even go as far as speculating that next month’s report will feature Android.Adware.Wallap.A packing a slightly higher detection rate.
The Android.Trojan.NotCompatible.A Trojan has been spotted a couple of weeks back as trying to trick Android users into downloading a fake update on their devices. Following a couple of drive-by attacks, a hidden frame was injected into some websites, causing Android owners who use their built-in browser to receive a fake notification update. The downloaded file is “Update.apk” and the application is named “com.Security.Update” so that everyone will execute it when user assistance is prompted. Ranked eighth in our chart, this Trojan will probably fade out of existence unless more websites are hit by the same drive-by attacks.
The premium SMS Trojan, Android.Trojan.SMSSend.G, has fallen four positions, ending up number nine. Dropping from 3.34% to 1.80% in a month could indicate we’re witnessing its demise and that it won’t be present in next month’s stats.
Your Facebook, Twitter, and LinkedIn usernames and passwords are still not safe, because Android.Hacktool.DroidSheep.A is still in our top ten malware chart. Headstrong and not going away, we still issue a warning to those in the habit of downloading bizarre and questionable apps from strange marketplaces.
Concluding that Android malware threats are still real and continuously thriving, you should be careful about what you’re downloading, installing and browsing. This May’s Android malware report will have hopefully raised more awareness on the threats your Android device is facing.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.