79 percent of mobile malware is directed at Android

In a recent study, the Department of Homeland Security (DHS) and the FBI reported that 79 percent of all malware targeting mobile devices was directed at Android devices. There is also concern over the number of users still running older, more vulnerable versions of the OS.

Even as Google improves Android, more disparaging press arrives for the world’s most popular mobile operating system.

This coincides with what security experts have been reporting for the last couple of years: Android has a huge market share, and combined with its open source architecture this makes it a good target for malware authors.

The study identifies three main security threats as most common: premium SMS, rootkits, and fake Android Markets.

Nearly half of all Android malware consists of SMS Trojans, with a fee associated with each SMS sent, and many of those Trojans come from fake Android Markets. The fake markets are set up to look and feel legitimate but offer up malicious apps.

Rootkits such as DroidDream and DroidKungFu, which target older versions of the Android operating system like Gingerbread and Eclair, are also prevalent. There are still many active malware samples in alternative markets waiting to be installed.


A rootkit called Carrier IQ is a logging app installed by phone manufacturers like HTC. In 2011, this app was discovered to have logging functionality and was able to capture passwords and URLs, among other data.

One thing I take issue with is the suggestion of using “Carrier IQ Test” to remove Carrier IQ or other rootkits, which is a bit more complicated. Although Carrier IQ is technically a rootkit, it was installed by the carrier and device manufacturer at the system level and could not be easily uninstalled.

Manufacturers should’ve pushed out updates to disable logging functionality, but some phones may not have received an update. Tools that could uninstall the Carrier IQ app needed root permissions, and even then removing it could cause instability in Android itself.

Unfortunately, if you have a device with Carrier IQ installed and are concerned, I would suggest upgrading your phone. For non-Carrier IQ suspected rootkits, I would suggest manually uninstalling or using an anti-malware tool to remove them. Carrier IQ was installed on the iPhone also, so iOS did not escape the fallout from this app.

Fake Android Markets are easy to avoid: just stick to the Play Store. There are also many reputable third party markets, like Amazon, GetJar, and SlideMe, which host some apps not offered in the Play Store along with a lot of the same ones. Keep in mind that when using third party markets you might need to enable installing from “Unknown Sources” in your Android Settings.


This probably isn’t new news to you, as we’ve shared it here at Malwarebytes and it’s in the press quite a bit, but it is interesting that government agencies are warning their employees. The data in the report is a bit dated, but I can understand the message they are trying to convey: surf wisely, install updates, and upgrade if you can.

We should all take caution when installing Android apps, especially if you stray from trusted sources like the Play Store or Amazon.

Keep mobile and stay safe.


Armando Orozco

Senior Malware Intelligence Analyst

Faux geek who likes to keep it bland. Experienced in behavioral, PC, and mobile technologies.