At the end of the second quarter of 2013, Trend Micro counted 700 thousand malicious and risky apps in the wild, leading it to predict that Android malware would reach the dubious one million milestone by the end of the year. But that day has arrived one quarter early.
“Our Mobile App Reputation data indicates that there are now one million mobile malware (such as premium service abusers) and high-risk apps (apps that aggressively serve ads that lead to dubious sites). Among the one million questionable apps we found, 80% perform outright malicious routines, while 20% exhibit dubious routines, which include adware,” said Dhanya Thakkar, Managing Director, India & SAARC, Trend Micro.
Beyond the dangers malicious apps posed, mobile devices were also hit by threats that transcended platforms. These include a fake WhatsApp email containing a link that, when clicked using a mobile device, may lead to a site that hosts a premium service abuser. This was not the first time that mobile devices were targeted by multi-platform threats. In this case though, the attackers opted to use spam as the infection vector instead of relying on a more “direct” approach like blackhat search engine optimization (SEO) or social media abuse.
Another cross-platform issue was the rise in the number of phishing sites specifically designed for mobile devices. According to data we gathered from January to September this year, we noted a 53% increase in the number of phishing sites compared with the same period last year. This quarter, 42% of the sites spoofed banks and other financial institutions.
Malware families such as FAKEINST (34%) and OPFAKE (30%) are the top samples making the rounds today, the firm found. FAKEINST malware is typically disguised as legitimate apps, but it instead sends unauthorized text messages to certain numbers and registers users for costly services. One high-profile incident involving FAKEINST involved fake versions of Bad Piggies.
The OPFAKE malware is similar to FAKEINST, in that it mimics legitimate apps. However, a variant (ANDROIDOS_OPFAKE.CTD) was found to open an HTML file that asks users to download a possibly malicious file.
On the high-risk apps front, ARPUSH and LEADBLT lead the pack, accounting for 33% and 27% of the total number, respectively. Both are known adware and infostealers, collecting device-related data such as OS information, GPS location, IMEI and so on, according to Trend Micro.