Announcement of 26. October 2021

G DATA Mobile Malware Report: Criminals keep up the pace with Android malware

A new malicious app for Android smartphones appears every eleven seconds

The number of malicious Android apps has fallen to around 1.3 million malware samples in the first half of 2021. This is shown in a current study by G DATA CyberDefense. Despite the decline, however, the pace of the cyber criminals remains high.

Smartphones with an Android operating system remain a popular target for cyber criminals. The latest Mobile Malware Report from G DATA CyberDefense shows that more than 1.3 million new malicious apps for smartphones with an Android operating system were in circulation in the first six months of the year. This number has decreased by 34.5 percent compared to the same period last year. However, the attackers continue to keep up the pace of the attacks. A new app with malware still appears every eleven seconds. The total number of known Android malware samples since the discovery of the first malicious app over ten years ago is around 23.4 million.

Stefan Decker

Despite the marked decline, there can be no talk of easing.In the first half of 2020, cyber criminals took advantage of the start of the coronavirus pandemic and were very active with, for example, fake coronavirus tracker apps. Meanwhile, attackers are also using other ways to damage smartphones with malware, such as fake links sent via SMS.

Stefan Decker

Security Researcher in the Mobile Team at G DATA CyberDefense

Flubot - attack via SMS

Flubot shows how cyber criminals have adapted their methods in the face of the ongoing coronavirus pandemic. The attackers took advantage of the ongoing online shopping boom and the resulting high volume of packages. A large number of users would receive a message via SMS saying, for example: “Your package has been sent. Please check and accept it”; “Your parcel is on its way, track it here”; or “Unable to deliver your parcel. More info:”. All the messages contain a link. However, this does not lead to the website of a parcel service, but initiates a download of the Flubot banking Trojan, thus infecting the smartphone with malware. Once the malware is installed, it copies confidential information such as bank or contact data and leaks credit card information. The attackers then use the contact information to send further fake text messages.

Luca - endless glitches

Two things in the first half of 2021 have shown how important data protection and data security are for mobile devices - the continuing discussion concerning the Luca app and the law on telecommunications surveillance. The Luca app was used for compulsory documentation for event organisers or restaurateurs during the coronavirus pandemic. However, IT security experts were able to prove that the developers had made several errors. For example, cyber criminals could have extracted user data due to a vulnerability and smuggled in malware at health authorities. “The Luca error list is long and users are regularly discovering new problems with the app,” says Stefan Decker. “Errors with checking-out, fake check-ins or the creation of false identities show that the development company simply disregarded security standards. In the current situation, however, reliable data for contact tracing is particularly indispensable. I recommend switching to the function in the official coronavirus alert app instead, as it has proven itself in terms of security.

State Trojans - government-decreed security breach

The government has also significantly weakened the security of digital services with one of its decisions. Following an amendment to the Telecommunications Surveillance Act, the Federal Police and all 19 intelligence services in Germany are able to hack into suspects' computers and smartphones. The investigating authorities can use corresponding surveillance software - also called state Trojans - to read or listen in on suspects' encrypted communications such as chats or calls. “This planned, massive restriction of encrypted communication damages the entire security industry in Germany and Europe and is a serious intrusion into people's secure communication,” says Ralf Benzmüller, Executive Speaker at G DATA Security Labs.

Take responsibility, create security

The security situation for smartphones and tablets remains tense. “The last six months have clearly shown that some companies in particular are not taking responsibility and are thus causing lasting damage to the trust in data protection,” says Stefan Decker. “More and more users are entrusting their smartphones with a lot of personal data that needs special protection.” For several years now, Google has been investing much more work in securing the Play Store and the Android operating system. Part of this is that Google is controlling the access rights of apps more strongly. Consequently the number of malicious apps in the Play Store has decreased further.


Announcement of 26. October 2021