Announcement of 30. July 2019

Mobile Malware Report - no let-up with Android malware

G DATA security experts counted more than 10,000 new malware apps every day in the first half of 2019. The security situation in the mobile sector continues to be tense.

It’s not a new record, but there’s no let-up with Android malware either. Experts at cyber defence specialist G DATA have counted around 1.9 million new malicious apps in the first six months of the year - a slight decline compared to last year. To put this in context - on average, criminals are publishing an infected app for Android every eight seconds.

The number of new malicious apps for Android devices declined slightly in the first half of 2019. While experts at cyber defence specialist G DATA discovered more than 2.04 million infected apps between January and June 2018, they have found 1.85 million this year - a decrease of around 9 percent. “The risk for smartphones and other mobile devices still remains very high,” says Alexander Burris, Lead Mobile Researcher at G DATA. “Because smartphones are now almost indispensable, constant companions, they are an attractive target for cyber criminals. Adware or ransomware, which directly harms the user, are particularly lucrative.” The total number of known malicious apps is approaching the 100 million mark. By the end of June, the number of all known malicious apps had totalled over 94.2 million.

Too many Android versions

A variety of factors contribute to the continuing high threat potential of Android. One is the still high level of fragmentation of the operating system. Currently, only one in every ten devices has the latest Android version 9 - Pie - installed. And Android 8 - Oreo - is being used on 28 percent of smartphones and tablets. Conversely, this means that 60 percent of the devices are still using outdated versions that were made available before August 2017. “Using devices with old versions is like having unprotected sex,” warns Burris. “You should think very carefully about what you're going to do.” However, manufacturers have made adjustments to older devices that unnecessarily lengthen the update process or block it completely. Google’s Android One concept with guaranteed updates has gained a lot of momentum. When buying a new device, users should check beforehand with the manufacturer whether updates are provided on a regular basis.

Outdated devices and cheap Chinese imports

Both outdated operating systems and outdated smartphones that are lacking the latest patches make it easy for hackers to install malware on the device. The reasons for this situation are twofold: either there are no current updates for the device, or customers have not installed them.

A third factor is that cheap devices with pre-installed malware are still available in stores. The malware is invisible to the owner and cannot be deactivated. This means that online criminals have full access to the smartphone and all personal data. Vendors do not always provide virus-free firmware updates. It is not possible to remove the malware manually because it is deeply integrated into the firmware.

Google takes the subject of security seriously

To save costs, some vendors distribute their apps through alternative sources. This saves them the Google Play licence fees. However, such alternatives are a popular gateway for hackers. “If you don't install apps from Google's official play store, you are running a much greater risk of downloading an infected app,” warns Alexander Burris.

Google, on the other hand, is paying much more attention to the issue of security. To this end, the company presented and implemented a number of measures last year. “The measures introduced by Google are pointing in the right direction,” says Burris. “However, only time will tell whether these measures are leading to a permanent decline in malware numbers.” The current announcement to convert large parts of the update infrastructure with Android Q and to update the system components independently of the OEMs also gives reason to hope that the problem of missing updates will be dealt with.

Losses in the millions

SimBad, Operation Sheep and Agent Smith are three examples that illustrate how successful cyber criminals are. An estimated 150 million users have an Android app with the SimBad malware installed on their mobile phones. The second successful malware campaign is known as Operation Sheep. The infected apps have been downloaded more than 111 million times. The apps are mainly found in third-party app stores. Agent Smith is the name of the third major campaign. This has infected 25 million smartphones in Asia. Once installed, it replaces applications with infected clones so that the apps display advertising. Initially, the malware was only circulated via third-party stores. However, the first infected apps have now started appearing on the Google platform as well. According to experts, the infection path is very complex, so we can expect to see this spyware being used to read sensitive data in the future.

Summary and outlook

The security situation for Android remains tense. Even though Google has taken far-reaching measures, there are still numerous gateways for criminals. One worrying trend is that, in order to cut costs, more and more companies are offering apps exclusively from alternative sources. This undermines a central security rule: avoid installing apps from insecure or untrusted sources.

