Announcement of 02. October 2020

G DATA Mobile Malware Report: Harmful Android apps every eight seconds

Cyber defence company identifies more than two million malicious Android apps in the first half of 2020

An Android app containing malware is published by cyber criminals every eight seconds, according to the findings of a current investigation by G DATA CyberDefense. Compared to the first half of 2019, this represents an increase of more than ten percent. Particular attention was paid to fake corona trackers and droppers.

During the corona crisis, criminal hackers also attacked smartphones and tried to install malware on the devices. Current figures from G DATA CyberDefense show that a new Android app containing malware is released every eight seconds. One scam involves fake corona trackers. However, hidden behind the practical overview with real-time information on current infections, users download adware or, in the worst-case scenario, even ransomware onto their mobile device.

Tim Berghoff

During the pandemic, the smartphone has once again gained in importance as a digital assistant in everyday life. For one, more people have taken advantage of the possibility of contactless payment by smartphone. The smartphone serves as a professional communication hub, a way of staying in touch with friends and relatives, and also as a payment terminal. Good protection is therefore vitally important.

Tim Berghoff

Security Evangelist at G DATA CyberDefense

More than two million Android apps are infected with malware. This breaks down to an average of more than 11,000 apps per day. Those are the figures identified by G DATA mobile security specialists in the first six months of the year. Cyber criminals are also increasingly using so-called droppers for mobile malware. This is an installation file for an Android app, which in itself has no malicious routines. But it only downloads and installs malicious "Android packages" during a second stage. This allows attackers to protect the malicious code from being detected. Given that the code tends to be very difficult to produce, it is expensive to develop. A further advantage is that these malicious apps can be specifically tailored to different target groups, for example as a game or as an app for photo editing. Children are particularly vulnerable here, as security experts have shown on several occasions. The mobile Fortnite version was one of the apps affected. The damaging component remains the same, only the shell changes and these apps are distributed quite legally via app stores. Security experts have even identified dangerous apps in Google's Play Store, although this is often considered the safest alternative.

Cheap and dangerous

Cheap smartphones remain problematic. This is because the supposed bargain devices are very popular among certain target groups such as primary school children or the grandparent generation as an entry-level device. The main problem is that time and again, smartphones come onto the market with pre-installed harmful apps or operating systems that have been manipulated. As soon as they are activated, they take on a life of their own and install apps or send text messages overnight without the knowledge or consent of the user. The manufacturer is not always to blame for installing malware on the smartphone, however: Criminals use the opportunity to manipulate the devices during shipping or at an intermediary's premises. The problem is that malware is often deeply integrated into the firmware and removing it is a costly and complex process, and impossible to achieve without specialist knowledge. Unless you are confident enough to manually install a new firmware directly from the manufacturer, you are better off buying a new device, which is a much easier process. The old device should be disposed of professionally and reset beforehand.

One sure sign that malware is installed on a smartphone is high battery consumption in order to execute actions in the background which criminals use to earn money. “Another potential sign is that a banking app cannot be installed,” says Stefan Decker, Mobile Researcher at G DATA CyberDefense. “Every mobile phone should have an up-to-date virus scanner. It protects users from unpleasant surprises caused by harmful apps.”

The dangers for smartphones will continue to increase. After all, mobile devices have become an integral part of everyday life, taking over many routine functions. Users entrust digital assistants with a great deal of personal data that calls for special protection. Data should be handled particularly carefully, and special care should be taken with respect to passwords for the apps on the device.


Announcement of 02. October 2020