The Number of App-Based Threats on Android Is Increasing

• Android threats are getting higher in number and risk, increasing by 21% last month. 
• The dangerous APKs lie outside the official Play Store now, but many were in there at some point.
• Millions of users are tricked into downloading risky software every month, and the situation keeps getting worse.

According to a detailed report by Dr. Web Anti-Virus analysts, the number of new threats on Android and the official Play Store has risen by about 21% in the last month compared to February 2020. More specifically, the number of malware increased by 21.6%, unwanted apps by 13.4%, adware by 27.6%, and riskware by 32.7%. Some of these threats, like the “Circle 1” trojan, have been downloaded by hundreds of thousands of users, hiding inside their devices, being built inside benign apps, and using names that resemble key system components in order to stay under the radar.

Other notable recent malware threats include three remote code execution apps, a “MobiDash” trojan that displays annoying ads, and a “Triada” variant that enables attackers to take full control of the infected devices. In the category of unwanted software, the Dr. Web team reports the following apps:

• Free Android Spy – spyware
• M Recorder – Voice and Calls audio recorder
• Mobile Tool – Android user activity monitoring tool that is basically spyware
• Algo360 – Loan score estimation software module that collects private user data like SMS, GPS, Calendar entries, and web browser bookmarks

Apart from the above, the analysts found a fake anti-virus app that imitates the detection of non-existent adware, various “silent installers” that fetch APKs and launch them without user interaction, and dangerous rooting utilities that request ultimate privileges only to plant malware and tap on the cameras and microphones. Also, in March, there was an explosion of new “Joker” trojans hiding inside image editing and wallpaper changer apps. This is a particularly dangerous category of threats, capable of downloading and executing malicious components, arbitrary code, and also to subscribe users to premium services that eat up data plans or charge their bill directly.

These apps have been removed from the Play Store, but they are still to be found in some unofficial app stores. That said, you should avoid installing APKs from untrustworthy sources, and always keep a mobile AV and security solution up to date and running on your device. Even if you don’t want to burden your smartphone with an AV tool, you can still identify malicious activity by monitoring and reviewing your data and battery consumption on an application level. It would quickly reveal what is running on the background, but remember, many apps are trying to trick you by using system-like process names.