Android malware exploding, says Trend Micro

Android malware continues to increase

The amount of mobile Android malware has surged this year, from a count of 30,000 malware specimens in June to almost 175,000 last month, according to Trend Micro's Security Roundup report for the third quarter of this year.

"When we predicted earlier there would be 125,000 by the end of the year, Google called us charlatans," says Raimund Genes, Trend Micro's chief technology officer, who says the security firm is counting Android malware variants as it does with Windows-based malware specimens. The Trend Micro report notes the fake versions of legitimate Android apps are the most prevalent type of Android malware, counted at 29,309. Others have names like Boxer, Kmin, Opfake, Trojsms, Ginmaster and Droidkungfu.

Ironically, since the Google Android operating system has undergone a kind of fracture due to so many variations of it being used by different manufacturers on Android mobile devices, this has probably actually slowed down hackers trying to attack the Android OS, Genes notes. And despite the surge in mobile malware, it's still far below the many millions of Microsoft Windows-based malware variants.

With directness, the Trend Micro report also takes aim at an area of growing concern, Android adware, devising a "Top 10 Most Aggressive Android Adware" list of adware that may send an excessive, undeclared amount of personal information captured off a device to ad networks.

A lot of this adware has come through the legitimate Google Play app store, and sometimes has been yanked when objections were voiced, but in Trend's view, this marketing adware has to be considered insidious if only because it's grabbing user personal data off Android devices outside of the adware's declared purpose by the developer, including licensing agreements.

This might be anything from geolocation data to unique ID of the phone and phone numbers you call and your contacts, among other things, Genes says. Often, "there's no way to opt in or opt out," he notes. "In Europe, it's illegal to grab that information."

Trend says it's analyzed adware for what it considers clear privacy violations, and some of these adware suppliers are not pleased to be named as "aggressive Android adware" and their lawyers are sending threatening letters to Trend Micro.

But Genes says Trend feels confident in its position and will continue to voice its concerns about ad networks that fail to alert users of adware's data-gathering behavior. The mobile adware issue evokes similar circumstances of years ago when what then came to be known as "spyware" targeting Windows desktops for marketing purposes became a battle in the security industry, too.

On Trend Micro's "Top 10 Most Aggressive Android Adware" list are:

  • Airpush with 26,321
  • Leadbolt with 20,502
  • Touchnet with 8,541
  • Gappusin with 6,978
  • Adwizp with 4,254
  • Plankton with 4,137
  • Adswo with 3,342
  • Wooboo with 2,032
  • Wapsx with 515
  • Mobiletx with 100

Trend Micro bases much of its report findings on data collected across its cloud-based Smart Protection Network for global threat intelligence. There's also an update on the top spam-sending countries where email spam originates (though it's often thought to be controlled through botnets whose masters may reside in an entirely different country). Currently, the surprise is that Saudi Arabia has suddenly come from nowhere to become the top spam-sending country.

"This is really new," comments Genes, and it's probably because spam filtering has improved in other countries, such as the U.S., India and Turkey, and spammers are currently turning to Saudi Arabia as a new place to exploit compromised computers and networks to blast spam across the world.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE.
