Number of malicious Android apps grows by 2200% year over year

May 16, 2012

    You might be asking yourself if you read the headline to this post correctly. A 2200% growth in the number of malicious Android apps, can that be right? Unfortunately it is. According to the Mobile Threat Report Q1 2012 (PDF) released by security company F-Secure, the number of malicious Android application package files (APKs) they received in the first three months of the year grew from 139 in 2011 to 3063 for the same period in 2012. Similarly, in 2011 security researchers discovered 10 new families of Android malware. Move forward twelve months, and that number has grown nearly four-fold with 37 new families and variants discovered in Q1 2012.

    So why the growth? In part, it is due to Android’s popularity. As market share has grown and companies like Samsung have moved into the top handset manufacturer spots, Android has become a lucrative target for malware writers. Greed is a powerful motivator, and the majority of malware is written to gain money illegally and unethically. The 2200% jump in malicious apps is largely due to attempts by malware writers to alter their malware so that it no longer matches anti-virus signatures, coupled with an increase in the number of apps trojanized.

    This trojanizing of popular apps is a key strategy for cyber criminals. They take a popular game, say Angry Birds, and then add malware to it. Next, it is disseminated via third-party app stores or via direct download links on social networking sites. Unsuspecting victims download the app, which in turn infects their Android device. In the case of premium rate SMS malware, the next phone bill is unexpectedly large!
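A trojanized copy has to be re-signed, because whoever modified it does not hold the developer's signing key. As an added example (not from the F-Secure report or the original post), the code below compares a downloaded APK against the developer's own copy of the same release; the function names and the in-memory sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile

SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # JAR-signing signature block files


def entry_digests(apk_bytes):
    """Map each archive entry name to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def compare_to_reference(reference_apk, candidate_apk):
    """Report how a candidate differs from the developer's copy of the same release."""
    ref, cand = entry_digests(reference_apk), entry_digests(candidate_apk)
    changed = sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n])
    added = sorted(cand.keys() - ref.keys())
    removed = sorted(ref.keys() - cand.keys())

    def is_sig(name):
        return name.startswith("META-INF/") and name.upper().endswith(SIG_SUFFIXES)

    # A different signature block means the archive was signed again.
    resigned = any(is_sig(n) for n in changed + added + removed)
    # New or altered .dex files mean the executable code is not the original.
    code_changed = any(n.endswith(".dex") for n in changed + added)
    return {"changed": changed, "added": added, "removed": removed,
            "resigned": resigned, "code_changed": code_changed,
            "repackaged": resigned or code_changed}


def build_sample(entries):
    """Build a constructed, APK-shaped ZIP in memory (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: placeholder bytes stand in for real file contents.
ORIGINAL = build_sample({"AndroidManifest.xml": b"manifest-v1",
                         "classes.dex": b"original-code",
                         "META-INF/CERT.SF": b"sf-original",
                         "META-INF/CERT.RSA": b"developer-signature-block"})
TAMPERED = build_sample({"AndroidManifest.xml": b"manifest-v1+extra-permission",
                         "classes.dex": b"original-code+extra-code",
                         "META-INF/OTHER.SF": b"sf-other",
                         "META-INF/OTHER.RSA": b"other-signature-block"})

if __name__ == "__main__":
    print(compare_to_reference(ORIGINAL, TAMPERED))
```

The comparison is only meaningful against the same release: a genuine update from the developer also changes the signature block file, so across versions the signing certificate itself has to be compared instead.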

    Three interesting malware packages found in the last year include:

    • FakeToken.A, a Trojan that pretends to be a token generator for mobile banking. The malware works by impersonating a valid token generator but, in fact, only issues random numbers while in the background sending the username and password for the mobile banking to a command and control server.
    • Boxer.H, a new variant of the existing Boxer family, which pretends to be Google Play.
    • RootSmart.A, which downloads an exploit to gain root privileges on the infected device. This in turn allows it to install more applications / malware. It also has a bot component that can receive commands from a remote server. These commands include malicious money-making actions like sending premium rate SMS messages and accessing pay-per-view videos.

    As always – be careful what you download and from where you download it!

    Are you concerned about Android malware? Are you a victim? What do you think Google should do about it? Let us know by leaving a comment below.

     

    Comments

    • VitoCassisi

      Most of this malware would be from pirated apk’s. My app has been pirated and redistributed around the net, and every copy I’ve downloaded to inspect has had some sort of malware attached to it.

      • http://www.garysims.co.uk garysims

        Exactly.. the trojanizing of popular apps… sorry to hear it has happened to your app… but at least it means it is popular!!!!

        Gary

      • EddieT

        What is your suggestion for us Consumers, to be able to detect Malware ~ of course U R the developer of that software, and can check.. any suggestions appreciated :)

        • VitoCassisi

          I used Avira on my PC to detect malware. But you can also tell by how the apk is packaged.

    • 8PAQ

      Hey don’t worry about it! It’s all good! At least Android is open. Well as soon as Google decides given version is open, I mean it’s not like you can actually go ahead and download early builds of Android 5 and make changes and contribute like you can with an actual open source projects like Mozilla or any Apache projects. But still, Android for teh win! Die Apple and your stupid and secure iOS die!

      • http://www.garysims.co.uk garysims

        8PAQ,

        I can’t work out if you are trying to be sarcastic or not. You clearly point out that Android isn’t as “open” as other open source products and yet you call iOS stupid because it is secure???

        I think I am missing the point somewhere???

        Gary

        • 8PAQ

          Yeah I am being sarcastic. I think there is a price to pay for openness. Malware and other security issues are that price. Sometimes being open is as great it seems.

          • 8PAQ

            Isn’t* as great

            • Vijfhoek

              Typical childish behaviour, turning grammarnazi if losing arguments…

            • Vijfhoek

              Oops, misread that, you were correcting yourself, sorry.

          • AppleFUD

            Once again you are very wrong and make yourself look like the Android bashing ifan you are. . .

            Linux, THE MOST open platform is THE most secure. One reason is because it is open and therefore has so many eyes on it. Another reason is, it isn’t that popular on the desktop just yet and therefore hasn’t been worth the effort to crack it.

            Android is very popular. Now 56% of the world wide market for smartphones, and like Windows is now a very big target. And like any OS it is impossible to make it 100% bullet proof to hacking — just ask apple about that (not that they have ever tried to make their OS truly secure). Windows has significantly better security features than OSX (if you use Ultimate you can make your setup pretty bullet proof) but still has more malware/virus issues. . . because it is a bigger target and people are idiots and don’t set up their devices properly and then click on just about anything and let it then install.

            Being open has NOTHING to do with this issue at all. If it were indeed about being an open platform then MeeGo, Tizen, Linux, etc should all have the issue, but no one cares yet about them just like no one cared about Mac for 20 years.

            And if being closed solved the problem then why does apple & ios still have malware issues? Sure they can ban a developer, as can Google, Amazon, etc. . . but the holes are still there and just like rooted Android device, Jailbroken iOS devices are just as susceptible to human stupidity.

            At least try and think a little about your Android bashing statements. . ..

            You know something like, Google really needs to vet the market better, etc — since they have let in bad apps that have actually been in the market for a significant period of time. . .

            At least then you can point to something that is in the realm of Google’s ability to deal with. Controlling people’s stupidity, rooting devices, downloading bad apps, etc . . . all that leads to the issue at hand and Google can’t control that any more than you can make OSX secure.
