Android App Malware Rates Jump 40 Percent

Not open for further replies.


Staff member
Mar 24, 2011
Summary: A new report released by Trend Micro says that mobile malware rates are skyrocketing.

By Charlie Osborne for Zero Day | August 7, 2013 -- 10:00 GMT (03:00 PDT)


Mobile malware in the Android ecosystem has grown by over 40 percent in the past few months, researchers say.

A new report issued by Trend Micro (.pdf) says that high-risk, malicious app rates found in the Google Play store rose to 718,000 at the end of the second quarter in comparison to 509,000 in the first quarter of this year.

The number of malicious Android apps in circulation surged by over 350,000 in this time period -- which originally took three years to reach when Google's Android operating system became established.


The majority of malware discovered was packaged as fake, spoof or trojan-laden versions of popular applications. Almost half -- 44 percent -- were designed to subscribe unwitting downloaders to expensive services, and 24 percent were created to steal data. Adware-laden applications came in third at 17 percent.


However, the researchers note that the discovery of the "master key" vulnerability in Android's security model was the most crucial revelation this year. Last month, a team from Bluebox Security found a vulnerability which could allow attacks to convert 99 percent of apps into a trojan -- which could then be used to steal data or connect to botnets without the user knowing.

Following the discovery, Duo Security and System Security Lab (NEU SecLab) released an app, ReKey, which they claim fixes the security flaw for you.


The United Arab Emirates was reported as the country with the highest rate of malicious app download volume at 13.79 percent. Myanmar and Vietnam came second and third. The United States and United Kingdom did not make the top ten list.

"The UAE recorded the highest malicious android app download volume, overtaking Myanmar, which placed first in the previous quarter," the report says. "Six new countries figured in this month's top 10, which may indicate an increase in mobile device use and/or attacks against such devices in these locations."

When analyzing the countries most vulnerable to privacy or data exposure, the report noted that "similar to last quarter, mobile users in Saudi Arabia downloaded the most number of high-risk apps. Vietnam placed second in light of the increasing mobile device use in the country."

According to Linda Barrabee, Research Director, Connected Intelligence at The NPD Group, approximately only 30 percent of all Android smartphones and tablets in the U.S., have any type of security app installed today. Coupled with the high rates of apps being added to the ecosystem every day worldwide, a large number of Android devices are likely to be exposed to risks -- and this trend is likely to continue in the future.

JD Sherry, vice president of technology and solutions at Trend Micro said:
"Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe. In some cases, users will never get patches as vendors leave their customers at risk of attack. Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly.
At the rate this malware is accelerating -- almost exponentially -- we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices."


Senior Member
Dec 27, 2011
To all those who say they don't need any virus protection on their tablets, poo on you. ;)


Senior Member
Apr 29, 2012
The second sentence of the article appears to contain a significant mistake. The Trend Micro report does not refer to apps in the Play Store. It refers to "Android Apps" and conveniently neglects to mention specific sources, but you can infer a bit about that from the geographic distributions in the report. In fact, most if not all of the reported malware is likely from sources other than Google Play, including sources who provide counterfeit apps mimicking titles in the Play Store. I can understand a security vendor like TM sensationalizing select numbers a bit to boost interest in their products, which is likely the case in the TM report, but a journalist should be careful not launch false or misleading claims about malware vectors.


Senior Member
Apr 29, 2012
You make a good point, however, both Google and Apple have managed to allow malicious apps to get past their review process.
So has McAfee, Norton, and every onboard malware protection service out there, including Trend Micro. The important thing is to understand and manage the real risks. Misleading claims about malware distributions don't help, but instead cloud the issue. It's junk science. To understand the real risks, and select the best solutions, whether onboard or through vendor screening, we need objective data, not exaggerated scary stories.
Not open for further replies.