Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.
More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.
With three months to spare before the year ends, our prediction that mobile threats, specifically malware and high-risk apps reaching the 1 million mark has finally come true.
In our 2Q Security Roundup for the year, we noted that more than 700 thousand malicious and risky apps were found in the wild. This impressive number plus the continuous popularity of the platform among users lead us to predict that 2013 would be the year when Android malware reaches 1 million.
Figure 1. Growth in malicious/risky Android apps
Our Mobile App Reputation data indicates that there are now 1 million mobile malware (such as premium service abusers) and high-risk apps (apps that aggressively serve ads that lead to dubious sites). Among the 1 million questionable apps we found, 75% perform outright malicious routines, while 25% exhibits dubious routines, which include adware.
Premium Service Abusers, Adware Among Top Mobile Threats
Malware families such as FAKEINST (34%) and OPFAKE (30%) were the top mobile malware. FAKEINST malware are typically disguised as legitimate apps. They are also premium service abusers, which sends unauthorized text messages to certain numbers and register users to costly services. One high-profile incident involving FAKEINST is the fake Bad Piggies versions, which we found right after the game’s release.
Figure 2. Top Mobile Malware Family
The OPFAKE malware is similar to FAKEINST, particularly in mimicking legitimate apps. However, a variant (ANDROIDOS_OPFAKE.CTD) showed a different side of the malware, as it was found to open an .HTML file that asks users to download a possibly malicious file. Aside from sending messages to certain numbers and registering users to costly services, premium service abusers pose other risks to users. Our recent infographic shows the other dangers of installing this type of mobile malware.
On the high-risk apps front, ARPUSH and LEADBLT lead the pack, gathering 33% and 27% of the total number, respectively. Both are known adware and infostealers, collecting device-related data such as OS information, GPS location, IMEI etc.
Figure 3. Top High-risk Apps Family
The threat to mobile devices, however, is not limited rogue versions of popular apps and adware. Threat actors are also pouncing on mobile users’ banking transactions, with the likes of FAKEBANK and FAKETOKEN malware threatening users. Details about these malware can be found in our recent report A Look At Mobile Banking Threats.
To keep your devices safe, it is important to treat your devices like your PC counterparts specially when it comes to security. Be wary of downloading apps and make sure to read the comments section and developer details. Trend Micro protects users from mobile malware and high-risk apps via Trend Micro Mobile Security App. Our Mobile Threat Hub also provides helpful information about mobile threats and security tips for your smartphones, tablets and other gadgets.
With analysis from Trend Micro Mobile Response Team