
    Some of the apps discussed in this blog entry were developed with an older adware SDK that did not contain opt-in provisions, particularly regarding the ability to collect information and display ads outside of the original app. The adware SDK has since been updated to include this capability to comply with Google’s developer policies; apps that use this newer version are no longer considered high-risk.

    More details about this change can be found in our December 2012 Monthly Mobile Review: The Hidden Risk Behind Mobile Ad Networks.

    With three months to spare before the year ends, our prediction that mobile threats, specifically malware and high-risk apps, would reach the 1 million mark has finally come true.

    In our 2Q Security Roundup for the year, we noted that more than 700 thousand malicious and risky apps were found in the wild. This impressive number, plus the continuous popularity of the platform among users, led us to predict that 2013 would be the year when Android malware reaches 1 million.

    Figure 1. Growth in malicious/risky Android apps

    Our Mobile App Reputation data indicates that there are now 1 million mobile malware (such as premium service abusers) and high-risk apps (apps that aggressively serve ads that lead to dubious sites). Among the 1 million questionable apps we found, 75% perform outright malicious routines, while 25% exhibit dubious routines, which include adware.

    Premium Service Abusers, Adware Among Top Mobile Threats

    Malware families such as FAKEINST (34%) and OPFAKE (30%) were the top mobile malware. FAKEINST malware are typically disguised as legitimate apps. They are also premium service abusers, which send unauthorized text messages to certain numbers and register users for costly services. One high-profile incident involving FAKEINST is the fake Bad Piggies versions, which we found right after the game’s release.

    Figure 2. Top Mobile Malware Family

    The OPFAKE malware is similar to FAKEINST, particularly in mimicking legitimate apps. However, a variant (ANDROIDOS_OPFAKE.CTD) showed a different side of the malware, as it was found to open an .HTML file that asks users to download a possibly malicious file. Aside from sending messages to certain numbers and registering users to costly services, premium service abusers pose other risks to users. Our recent infographic shows the other dangers of installing this type of mobile malware.

    On the high-risk apps front, ARPUSH and LEADBLT lead the pack, gathering 33% and 27% of the total number, respectively. Both are known adware and infostealers, collecting device-related data such as OS information, GPS location, IMEI, etc.

    Figure 3. Top High-risk Apps Family

    The threat to mobile devices, however, is not limited to rogue versions of popular apps and adware. Threat actors are also pouncing on mobile users’ banking transactions, with the likes of FAKEBANK and FAKETOKEN malware threatening users. Details about these malware can be found in our recent report A Look At Mobile Banking Threats.

    To keep your devices safe, it is important to treat them like their PC counterparts, especially when it comes to security. Be wary of downloading apps and make sure to read the comments section and developer details. Trend Micro protects users from mobile malware and high-risk apps via Trend Micro Mobile Security App. Our Mobile Threat Hub also provides helpful information about mobile threats and security tips for your smartphones, tablets and other gadgets.

    With analysis from Trend Micro Mobile Response Team


    • x41x41x41x41

      Any examples / hashes that are on VT for the ADTU family on pie chart 1?

      • x41x41x41x41



        • x41x41x41x41

          That’s all I can find though. Strange that these 2 samples would account for a family that makes up 7% of Android Malware.


      Horrible. This is the reason I decide to use iOS devices from Apple.

      • Thomas’

        And yet I’ve to see my first malware in reality. All I notice are warnings from “security companies” trying to sell their crap to people.

        • Ezzy

          Exactly. Bullshit and scaremongering. F-Secure does the same thing. 1M “questionable” apps with “too many” permissions etc are probably counted in as well which is just ridiculous. Google isn’t perfect by far, but these are just stupid.

      • x41x41x41x41

        I’d rather live in the wild west than in a prison.


          Well, Microsoft is wild west and Android the “only Android-Apps” prison. I like to stay as free men, using OS X and iOS, where I can develop whatever I want. But I understand: You are just a user without programming knowledge and for you – every system is a prison. I suggest to learn some fundamentals 😉 LOL


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice