A report claims Android malware is rising so fast we will see one million instances before the end of this year.

A report claims Android malware will become so prevalent in 2013 that we will see one million instances before the end of the year. (Credit: Reuters)

Reports stating that Android malware is on the rise are nothing new, but a report suggesting that 2013 is likely to see one million malicious and high-risk Android apps in the wild serves to highlight just how prevalent the problem has become.

According to the latest Security Roundup Report from Trend Micro, the first six months of this year have seen a doubling of Android malware. While it took three years for 350,000 malicious and high-risk apps to appear, it has only taken six months for that figure to double.

The number of malicious and high-risk Android apps hit 718,000 in the second quarter of 2013, up from 509,000 at the end of the first quarter and just over 350,000 at the beginning of the year.

Trend Micro is predicting that Android malware is on course to top one million in the coming months.

The growth in Android malware mirrors the continued growth of Android smartphones globally, with the Google operating system now accounting for well over 50% of all smartphones sold around the world.

Fractured

"Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe. In some cases, users will never get patches as vendors leave their customers at risk of attack," said JD Sherry, vice president, technology and solutions, Trend Micro.

"Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly. At the rate this malware is accelerating - almost exponentially - we appear to be reaching a critical mass."

The past three months also saw a specific threat emerge which affected 99% of Android smartphones in the market. The so-called Android "Master Key" vulnerability would let attackers take an existing app, inject malicious code, and repackage it so it could pretend to be the original app.

Open source

While Google has updated Google Play to prevent attackers from taking advantage of the flaw, it serves as a reminder of the vulnerability of Google's open source ecosystem.

While the headline-grabbing figure of one million malicious and high-risk apps will worry many, the reality is that the vast majority of this malware is not targeting users here in the UK. According to Trend Micro, the majority of these apps are downloaded in south-east Asia, the Middle East, China and Russia, with no European or North American country appearing in the top ten list of either type of app.

The reason for this is twofold. First, budget Android smartphones are beginning to become popular in these countries. More importantly, the majority of these phones don't connect to Google Play and instead use less-secure third-party app stores where malware is highly prevalent.

However, while it may be true that the majority of malware targets users in these areas, Trend Micro's Rik Ferguson said in March that one in 10 apps in the Google Play Store were malicious, meaning all Android users are at risk.

Spoofed

Trend Micro says that the majority of Android malware appears as spoofed or Trojanised versions of legitimate apps, with almost half of the malware discovered used to sign unwitting users up to costly services such as premium-rate SMS services.

Last week at the DefCon security conference in the US, mobile security firm Lookout revealed some research which highlighted the highly organised, complex and profitable nature of Android malware development taking place in Russia.

SMS fraud malware from Russia accounted for 30% of all the malware Lookout was detecting and, following a six-month investigation, it found that the vast majority of this malware was being produced in 10 so-called "Malware HQs" which developed the malicious apps.

The HQs then work with a network of affiliates who distribute the malware for them, with the HQs taking a cut of all money made by the affiliates. The affiliates can customise the apps to look like legitimate apps such as Skype or Google Play and, once downloaded, the malware sends out one or more premium-rate SMS messages, costing anything up to $20 at a time.

However, as Trend Micro's report shows, the Russian SMS fraud malware is targeting just Russian mobile phone numbers, and uses carrier short codes which don't work outside the country.