Study: 32.8 Million Android Phones Infected with Malware

Do you have an anti-virus app on your Android phone yet? If not, a new study conducted by security firm NQ Mobile suggests you’re playing with fire.

  • Share
  • Read Later

Do you have an anti-virus app on your Android phone yet? If not, a new study conducted by security firm NQ Mobile suggests you’re playing with fire: The number of malware threats to your Android phone has increased 163% over the past year alone.

The study, which looked at over 5.3 million apps available in 406 different online stores, identified 65,227 different pieces of potentially dangerous malware last year. A quick look at the trend suggests that malware is growing at an exponential rate – there were only 1,649 such malware discoveries in 2009.

nq-malware-chart-400px

In total, 32.8 million Android phones were infected with malware in 2012 – more than triple the number of the year before. The majority of these infections involve spyware or adware, while about a quarter are designed to steal and profit off of your personal data. A smaller minority is designed to make your phone permanently unusable, something we’d all no doubt like to avoid.

Earlier this year, NQ discovered a new type of Android threat: Malware that can spread from your phone to your computer via a USB cord. That particular attack only affected a small handful of Android users. Still, security experts warn that hackers will continue to find these new and inventive ways to steal data, even from the most cautious among us.

Android malware is a rapidly increasing threat, but there are some simple measures you can take to buff up your phone’s security. Be sure to look at the Techlicious guide to mobile security, where we break down some of your best (free!) choices for smartphone anti-virus protection.

This article was written by Fox Van Allen and originally appeared on Techlicious…

More from Techlicious:

9 comments
SamLorenz
SamLorenz

you have to be incredibly stupid to somehow end up with malware on your android phone, I've had my nexus for well over a year not a single issue.

brkshr
brkshr

I had to disable my script blocker & make an account with livefyre, just to say this.

defineinsanity is 100% correct in everything he wrote!!!

All you have to do, to keep your phone safe, is not install stupid apps, with low users, bad reviews & unexplained permissions.  Running an anti-virus on an Android will only slow down your phone/tablet.  The only reason you may want to install a security program on Android, is so you can track your phone if it's lost.  Then you would disable any "anti-virus" features in the app.  Better yet, just install an app that is made specifically, and only, to track your phone.  Like Cerberus.

If you trust AVG for anything, I pity you.  AVG & McAfee are the two worst anti-viruses ever made & are, by definition, spyware & malware.  Every single computer I've ever had to clean or fix, has had these programs on them.  They slow your computer down immensely & do next to nothing for viruses, trojans & everything else.

Back to Android.  YOU DO NOT NEED ANTI-VIRUS SOFTWARE ON YOUR ANDROID!!!  You're only buying into the hype that these software/anti-virus companies sell.  It benefits them if you are scared of these things, so of course they publicize anything that can even remotely scare you & pitch their software as the savior.  Don't fall for this people.

definesinsanity
definesinsanity like.author.displayName 1 Like

Let me just add a voice of reason here;

"MALWARE" is not the same as a virus, worm, or other similar type of software. Malware simply performs actions that are not advertised, not expected, and/or not wanted.

What that means, in simple terms, is that malware typically works within the confines of the allowable permissions granted by the system's security configuration. If you install an application and grant it permission to access the internet and access your contact database, then that application could, in theory, copy your contact database and send it to, for example, North Korea. Its not a virus, because you gave it permission to be able to do what it did, but it is malware, because it did something with that permission that you TRUSTED that it WOULD NOT do.

Unlike a virus or worm, an instance of installed malware does not constitute an "infection". You can't be infected with malware, nor can malware replicate itself throughout your system, or to other systems it comes in contact with. In fact, it takes a direct and intentional motion on the part of YOU (the user) to install!

So... malware is not a virus. This means that an anti-virus can't do anything. In fact, given the very HIGH degree of security on Android, an anti-virus CAN'T EVEN WORK. Why? Because there is no such permission available within Android to gain access to the installation or storage of any other software on the system. What that means, is that FOR an anti-virus to work, it must violate the system's security, which makes it a special kind of malware called a TROJAN. The good news is that these so-called "anti-virus" programs, on Android, don't actually do anything, which makes them pretty weak malware that do nothing except give the user a false sense of security over an imaginary threat. Imaginary threat because the non-existent threat is imagined due to decades of experience fighting off actual damaging worms and virii from less sophisticated operating systems, like mswindoze.

The only way to protect yourself from malware, is to use [un]COMMON SENSE. If you come across a piece of software developed by a nobody software vendor, asking you for permission to access sensitive information or access the internet, then you really need to ask yourself "DO I TRUST THIS VENDOR with that kind of access?" If the answer is "NO", then DON'T INSTALL IT. If the answer is "yes", then you are placing your trust in that vendor, that they won't abuse the privileges you are granting them. If the answer is "I don't care", then whatever that software does, its not malware, since it is behaving within the confines of "I don't care".

joshk
joshk

@definesinsanityYou're mixing up terms a little bit. "Malware" is a general catch-all term for viruses, worms, trojans, adware, spyware and other programs that serves a malicious purpose. The term "viruses" is used specifically for malware that is self-replicating.

To recognize the varied nature of malware, most security programs are now labeled "antimalware", not "antivirus". And antimalware programs don't have to remove programs to be effective. If an antimalware alert you when you try to install a bad app or notify of you of bad apps you have installed on your device so you can delete them yourself, I would consider that effective. Some antimalware apps will also alert you to phishing sites - not a malware issue, per se, but certainly helpful for protecting you from bad guys.

Your advice on how to avoid malware is sound. Only installing apps from trusted stores (Google Play and Amazon App Market) and avoiding apps from unknown vendors or that ask for unusual permissions will go a long way towards keeping you safe. However, as mobile threats evolve, that alone won't be enough if we see drive-by downloads and other insidious threats evolve for mobile as they have in the PC world.

definesinsanity
definesinsanity

@joshk @definesinsanity 

I mixed up nothing. What I said, I'll repeat: Malware is too general of a term, it includes things that are UGLY, but not self replicating or self installing. Not everything branded as MALWARE is actually DAMAGING. In fact ALL that is branded MALWARE on ANDROID is just abusive of permissions that YOU GIVE IT. Acting completely WITHIN the limits of those permissions.

And again, antivirus CAN'T WORK on Android. Even if you want to call it "antimalware" or anything else. Not without violating the security in a manner beyond ANY other "malware" that exists for that platform.

And no, there is no trusted distribution network, only trusted SOFTWARE VENDORS. If the program is written by, for example, IBM rather than "some person" in an untrusted country. Whether it comes through android market or anywhere else is irrelevant.

Luscus
Luscus

If you install AVG free antivirus from the play store, it also comes with a kickbut find my phone feature..Can't go wrong!

definesinsanity
definesinsanity like.author.displayName 1 Like

@Luscus 

Sure you can go wrong with that. That software is itself malware. Anti-virus *can't* work on Android.

Luscus
Luscus

@definesinsanity @Luscus I do not know what you base that on, but it worked for me and it did find some malware on my phone. I am sure they did not spend hundreds of hours of programmers and Dev specialist to test the app, for a dud.

Want to know more?  http://www.avg.com/us-en/antivirus-for-android

os2baba
os2baba

@Luscus @definesinsanityI have been using Android from the 1st day the G1 was released way back in 2008.  And I don't have any "malware" on my phone.  I did have some apps that used to display Ads in the notification shade a few years back, but there are a number of apps that immediately popped up to track them and thankfully I have not seen those type of apps for a while now.

definesanity explained much better than I could have on how to avoid such apps so I'm very curious what malware AVG identified on your phone and how did you install those apps?  Did you get them from the Play Store?  Did you read the permissions before installing it, Did you look at the reviews?  Just curious.  The reason I ask is because from time to time, I download some of these apps and run them to see what they flag as malware.  Except none of them have ever tracked a single app on my phone.