What Does Android Malware Try To Do?

Malware is an unfortunate reality of Android's open approach (though much of it can be avoided with the right software and a suspicious attitude to app permissions). But what does that malware try to do? A recent analysis by Kaspersky provides some clues.

Kaspersky's Q2 report on IT threats identified 14,900 new malware threats for Android over a three-month period. That's a disturbing number, but what's arguably more interesting is the categories those threats fall into. Three main groups dominated:

  • 49 per cent of the total were "multi-functional trojans", which typically try to steal contact information, but can also download additional modules which can perform other dangerous tasks.
  • 25 per cent were "SMS trojans", which automatically send SMS messages to premium-rate numbers. These are, obviously, much more dangerous to users on postpaid plans, who can run up large bills.
  • 18 per cent were "backdoor" trojans, which give overall control of the device and are used to build botnets.

The open nature of the Android platform means security issues are inevitable (though even closed ecosystems such as that for iOS are not entirely immune, especially when it comes to apps accessing contact information).



    Most of the stuff on Google Playstore is supported by Google ads. Wouldn't that be adware? Kaspersky is suggesting only 3% of malware is adware? Something doesn't add up.

    Is this mainly an issue with Phones or are Tablets just as big an issue? Seems to me, every time people write about Android, that the story is almost always aimed at Phones only!

      Not all tablets have SIM cards, so a WiFi device would be able to send SMS to premium numbers. Some don't even have contact databases. So the threat level is reduced.

      @Seriously: I'd say they'd have looked at whether the app's explicit purpose was to maliciously direct clickthroughs or not. So 'ad supported' (legit freemium apps) vs 'ad ware' (apps that only advertise, or only have bare functionality.)

      @Timmahh: The Article doesn't say anything about mobiles at all! It just says 'Android' as in the OS. To answer your question though, yes, across the board this is an issue.
      If there is a bias towards mobiles in other reporting, it's because iPad still has the tablet market stitched up while Android is passing iOS in the mobile market, and the tablets are not nearly as connected as mobiles usually are so tend to be (slightly) less enticing to crims.

      To answer your question accurately, please ignore the other respondents. And especially the author of the article! That person has, once again, like so many other "IT Journalists" just mindlessly and uncritically regurgitated the marketing copy of an organisation whose only interest here is selling you their solution to the problem they just told you you have! ie snake oil, and he just gave them free advertising. It's easy to check - Google any number of similar articles. 1) the source is ALWAYS a purveyor of anti-malware, 2) the source's copy almost always talks in percentages with no baseline, 3) the source never explains what the source of the infected apps are or downplays it. The last point is the ONLY point that matters. We are now seeing some of this discussion actually accurately pointing out "the majority" of the apps are from sources other than the Play store. But even this is deceptive - it gives completely the wrong impression of the seriousness of the issue because it relies successfully on the hysteria that has been whipped up. Now for the facts: Android does NOT have a malware problem at all. Shock horror! 99.99% (at least) of all these 'examples' are on dodgy 3rd party stores designed for this purpose. You have never been to one of those stores, and even if you had it's completely irrelevant because every Android device in existence that has Google Play is delivered to you locked down so that it can only install apps from Play. End of story. You cannot access those dodgy apps on the dodgy store and so are perfectly safe! Yay! Only if you explicitly disable this protection, ignore the warning, go to a dodgy site, further ignore the warnings about the permissions you are giving the app (it still MUST request access to send SMSs and you must allow it, even malware!) do you become vulnerable. Almost no one disables this protection outside the developer or pirating communities, which you are not part of if you are asking this question. In fact most have no idea even how to disable this feature. The only real danger you will ever be at risk of is if malware sneaks onto Play. This has only happened about 3 times in recent years, with about 50 different apps each time (ie ~200 apps out of 500,000) and every time Google pulled the apps from the store on average within 48hrs and remotely uninstalled them from everyone's phones! So calm the hysteria down, and misinformation! And please please boycott authors of this appalling copy - it is not 'journalism', that implies it's thoughtful, researched, balanced and intelligent. This garbage was just free advertising.

    Whilst CJ's post is a bit of a rant, it's dead right. If you stick to the Play Store, avoid obviously dubious apps, or stick to reputable sources for non Play apps, there's no issue, certainly no more than iPhone or OSX, and even more certainly far less than Windows.

      The problem is a large number of Android users can't tell what an obviously dubious app is, my mum's partner has lots of crap on his phone (xxx shortcuts on the home screens) and it's very hard to support him since he got it changed to Greek text (considering I use iOS, I'm not overly familiar with Android), I delete them but they find their way back, perhaps there is a dodgy app on there, I may have to try a malware scanner.

        @Tim - this is the point. If you don't manually disable that protection, you don't need to tell which are dubious apps. The behaviour you describe in an app would unlikely make it past the 'bouncer' screening in the first place, and if it did, wouldn't last long on Play before it got pulled and remotely uninstalled by Google. That almost certainly means your mum's partner has disabled that protection. Turn that back on for him (Settings -> Security -> Unknown Sources, untick it). Don't install a malware scanner, they are snake oil and rarely work. Go to Settings -> Apps then the Downloaded tab. In there you will find a list of all non-system applications installed on the phone. Just uninstall anything he doesn't use/doesn't recognise or isn't obvious what it does. You can always reinstall them. And if in doubt, select the app and at the bottom of the screen you will find the permissions it possesses. Dubious apps will have dubious permissions. See any, uninstall it. Then you can remove those links again, if they don't come back you are clean - as long as he leaves that protection in place, it will remain clean.

        Yes, it was a rant, sorry, but it is rather annoying constantly fighting this rear-guard action against silly misinformation!

    I agree with CJ, this article is sub par, Angus - it seems like a regurgitation of a media release with little critical analysis.

    A quick look at Google play reveals that Kaspersky sell a 'tablet security' app for over $18 AUD, and a phone security app for over $12 AUD - so it's very much in their interest to stir up fear about malware.

    All points taken - however the research isn't just invented out of nothing. They're not running the same "research stats" for an iOS version of their app because the issues are far less prevalent.

    So yes, while I agree that Kaspersky want to embellish the issue in order to sell more software - the fact remains that they have a market to sell their software in the first place - where they don't currently on iOS.

    You're not going to spend the money developing an application for a platform when a problem doesn't exist in the first place.
