Android Mobile Malware Report – July 2012
The mid-summer mobile malware report reveals not only that Android malware developers are interested in making money, but also that most threats we’ve dealt with are still going strong.
For three months, we’ve been talking about the steady growth of adware-bundled apps. Now we’ve seen the percentage spike to 77.34% of the total of Android malware detections. This all-time high represents the total amount of Adware currently injected in apps, and not only detections involving the infamous Android.Adware.Mulad.A.
Breaking down adware detections even further, the Android.Adware.Mulad family is by far the most prevalent, summing up to 93.77% of the adware-ready apps we’ve catalogued. The remaining 6.23% are other types of adware such as Android.Adware.Wallap.A, Android.Adware.Mobsqueeze.A, Android.Adware.SndApps.A etc.
Our top 10 chart strictly involves Trojans, exploits, and hacktools, leaving aside adware-injected apps, which are not malicious in nature.
Android.Trojan.FakeDoc.A, also known as “Battery Doctor,” counts a 14.78% infection rate. The battery optimization app is still the number one threat, meaning users are still unaware that the app can steal contact details and intercept SMS messages and emails.
Like last month, the second biggest threat is still Android.Exploit.RATC.A, dubbed “Rage Against the Cage.” With a 14.30% infection rate, users still seem to root their devices so privileged access to some components can be unlocked.
Gingerbread-running Android devices are mostly rooted with the help of Android.Exploit.GingerBreak.A. Considering that it ranked third with a 6.38% infection rate, it’s safe to assume quite a few devices out there are running the Gingerbread build of Android OS.
Another exploit used for rooting Android handsets equipped with Gingerbread is Android.Exploit.Exploid.B, which clocked in fourth in our chart with a 4.53% infection rate. With a similar behavior to RATC’s, the exploit is also of great value to users who opt for a rooting solution.
Android.Trojan.FakeInst.BB sends premium rated SMS messages after it has been bundled with apps that seem legit. Although it only infected 3.84% of the scanned apps, it’s still pretty efficient.
Compared to last month, Android.Hacktool.Faceniff.A jumped from 2.63% to 3.67%, suggesting that stealing social networks passwords and what-not is gaining traction and, implicitly, more value. As a result, the hacktool is now sixth in our chart, from seventh last month.
Users are still tricked into thinking they’re downloading a perfectly legitimate app by Android.Trojan.FakeInst.AV, because 3.16% of the scanned apps revealed its presence. After download, it starts sending premium rated SMS messages so it can rack up your phone bill and generate income for malware coders.
Android.Trojan.SMSSend.G and Android.Trojan.SMSFlood.A are two variants of a Trojan that starts sending premium rated SMS messages once it sneaks into your device. With a 2.85%, respectively 2.4% infection rate, such Trojans seem highly appreciated by malware coders.
Our stats reveal that India is the country most affected by malware and adware, with an infection rate of 8.41%. The second and third places are occupied by the United States, with a 6.7 percent infection rate, and Romania, at 6.69%.
The United Kingdom and France have close percentages as well, with 5.08% rand 5.01% placing them in the top five countries affected by Android malware. Germany is sixth with 4.32%, followed by China with 3.7%, ahead of Spain and Malaysia, which scored 2.93% and 2.78%.
This month’s report revealed that malware coders are mostly using Trojans or aggressive adware bundled with a wide range of apps. August will probably reveal many of the same threats in terms of Trojans and Exploits, but we might also see further increase aggressive adware.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.