New Android malware strains to top 2 million by end of 2015

“By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million,” Sara Peters reports for InformationWeek. “Although mobile malware hasn’t yet been blamed for any major data breach or cybercrime event, attackers are churning out a new piece of Android malware every 18 seconds — and the rate is trending upwards.”

“In the first quarter of 2015, 440,267 new samples of Android malware appeared, and the number may reach over 2 million by the end of the year, according to researchers at anti-virus firm G DATA, which just celebrated its 30th anniversary,” Peters reports. “That is a 6.4 percent increase over Q4 2014.”

Peters reports, “‘We haven’t seen the ‘Melissa [virus]’ for mobile malware yet,’ says Hayter. ‘That day will come. I predict sooner, than later. I think it’s a matter of installed base and profit.’”

Read more in the full article here.

MacDailyNews Take: Android is the open sore of mobile.

“Open.” To infection.

Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013


  1. What gets me is Google did this with their “Don’t be evil.” mantra.

    If you don’t want to do evil, then you don’t release an OS that allows such easy hacking to harm your partner’s customers.

    I’m still astonished to see Android (& a lot of older models) in tech companies. I ask “Aren’t you concerned about malware attempting to steal data from your phone?” and people just stare.

  2. One has to wonder why no reports have yet surfaced about any of these millions of malwares actually doing anything.
    “Although mobile malware hasn’t yet been blamed for any major data breach or cybercrime event…”

    1. I have wondered the same thing, opsono. Perhaps the malware is lurking and gathering data over weeks and months and years until it is discovered, just like the attack on OPM that was recently discovered.

      If I were an Android user, then I would be worried. That is one of several reasons why I am *not* an Android user.

  3. If You Want Malware, You Want ANDROID!

    a new piece of Android malware every 18 seconds

    I found this hilarious. Head stuck in the sand much?

    He suggests Android users avoid malware, adware, and other potentially unwanted programs by only downloading from very trusted sources like the Google Play Store or your device manufacturer’s store.

    From February 2014:

    Report: Malware-infected Android apps spike in the Google Play store

    From February 2015:

    Android Malware Removed From Google Play Store After Millions of Downloads

    Get the picture?
    (O_o) (o_O)

  4. Throw in the report 2 weeks ago that factory resetting or wiping your Android phone left your data on it. That never hit the major news.
    Google must be spending tons of “Hush money”.

    1. It’s possible that the news is about the same level as “Formatting your desktop HD leaves data still on it”. And less impressive than “Formatting the HD in photocopiers used in High Level security and resold to foreign nations results in document leaks.”

    2. Throw in the poor HTTPS implementation in many Android apps. (I’ve used up my 2 links in this thread or I’d post it. Search for this article title at Ars Technica):

      Game-over HTTPS defects in dozens of Android apps expose user passwords
      Apps downloaded more than 200 million times fail to properly encrypt login data.

      Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don’t use it at all.

      The roster of faulty apps have more than 200 million collective downloads from Google Play and have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the dating service, the Safeway supermarket chain, and the PizzaHut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users’ handsets.

      AppBugs CEO Rui Wang told Ars that the app uses unencrypted hypertext transfer text protocol when sending user passwords, making it trivial for people in a position to monitor the traffic—such as someone on the same Wi-Fi network—to read the credentials. Other apps, such as NBA Game Time and those from Safeway and PizzaHut, use HTTPS encryption but don’t implement it correctly. As a result, a man-in-the-middle attacker can use a self-signed or otherwise fraudulent digital certificate to read the login data.

      The joy of hemorrhoid, I mean Android.

      1. Ah, and here’s an article covering your point, Think. It again is from Ars Technica:

        Flawed Android factory reset leaves crypto and login keys ripe for picking
        An estimated 630 million phones fail to purge contacts, e-mails, images, and more.

        An estimated 500 million Android phones don’t completely wipe data when their factory reset option is run, a weakness that may allow the recovery of login credentials, text messages, e-mails, and contacts, computer scientists said Thursday.

        In the first comprehensive study of the effectiveness of the Android feature, Cambridge University researchers found that they were able to recover data on a wide range of devices that had run factory reset. The function, which is built into Google’s Android mobile operating system, is considered a crucial means for wiping confidential data off of devices before they’re sold, recycled, or otherwise retired. The study found that data could be recovered even when users turned on full-disk encryption.

        GOOGLE: How about focusing on the broken security in YOUR OWN glass house? Hmm? Do you need further embarrassment to move your lazy, hypocritical backsides?
