Cheetah Mobile Security have released a report naming the top three markets containing malware-infected Android devices: China, India and Indonesia. There are 1.5 million infected devices in China, 1.1 million in India and 800,000 in Indonesia. Russia has over 4.5 million infected devices and in fifth place, Malaysia. Cheetah’s report explained that extensive use of third party application stores is the main reason for this and discovered that “most of the third party apps are malware-affected.” Cheetah reported that in 2015, the number of Android viruses saw a massive increase during 2015 and that they were now more than 9.5 million in extensive, up from 2.8 million in 2014.
Worryingly, the company has seen a significant increase in the number of Android Root Trojans. These are particularly stubborn to remove because a factory reset does not solve the issue, and because they can take deep control of the device, have access to potentially sensitive information embedded in the smartphone or tablet. This means that user information may be compromised, such as usernames and passwords. It’s one of the reasons why many sensitive applications do not run on a rooted device – mobile banking and payment system applications as two examples. This characteristic, which is seen as a frustration for many users who would choose to root their devices as well as use these applications. Cheetah also wrote about the other Android vulnerabilities discovered in 2015 including the Stagefright issue and said, “it seemed like Android vulnerabilities would never end.” This, unfortunately, seems to be little more than stating the obvious and a sales pitch to invest in Cheetah’s security software.
The popularity in third party application stores is easy to understand, because these often offer applications at a discount to the main Google Play Store. However, these application service websites are often simply not policed or monitored as the Google Play Store and this in turn means that hackers can either modify a legitimate application, injecting malware, or simply produce a new application designed to interfere with the target device. A simple rule is to always use the Google Play Store and ensure that the option to allow installs from non-Google Play Store application stores is disabled, so that the device refuses to allow third party installations. Of course, for many customers, this does not feel like a viable option given that the third party application stores may offer a wider choice, cheaper prices or even free applications that are premium with the Play Store. Sometimes, if it seems too good to be true, it is.