One in six Android phones infected with mobile malware

In emerging markets such as Brazil, Indonesia, SA and Thailand, 16% of mobile devices that processed a transaction were found to be infected with malware.

The was revealed in a report by mobile technology specialist Upstream, entitled: “A Pandemic On Mobile - Mobile Ad Fraud and Malware". Insights came from the company’s Secure-D anti-fraud platform processing 1 billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets, covering nearly 840 million users.

Secure-D, which identifies and blocks threats on behalf of mobile operators, detected 46 000 malicious apps in circulation, with a global block rate of 95%, translating as roughly one in six mobile devices carrying at least one infected app. Globally, only one in 36, or 2.6% of devices are reported to be harboring high-risk apps, says Upstream.

According to Geoffrey Cleaves, head of Secure-D at Upstream, one example of how malicious apps operate is the ‘Best QR Code Scanner’, an app removed from Google Play, that triggered 15 997 transaction attempts from a single user’s mobile in Brazil in a single month.

Upstream says emerging markets are disproportionately affected. Out of the countries covered, the highest infection rates were found in Indonesia, where over 99% of mobile transactions were flagged as fraudulent. Brazil was next with 96%, with Thailand hot on its heels at 92%.

Mobile users in these regions tend to rely mostly on their mobile devices for connecting with the online world, Upstream says.

“Due to the poor fixed network infrastructure and lack of WI-FI, many of these users are digital novices and are faced with relatively high data costs compared to those in developed markets. Millions of people in the developing world are also unbanked and rely on their mobile phones to pay for goods and services. This dependency is making them more vulnerable to bad actors, especially throughout the health crisis, resulting in higher infection rates.”

The data also revealed bad actors are increasingly turning their attention away from Google Play, with71% of malware-infected apps found on other third-party app stores.

This is a steep increase from 49% the year prior, highlighting a shift in fraud towards less secure and unregulated sources. Google Play proves to be the safest choice for downloading Android applications, however, the 29% of malicious apps recorded that still went through Google (7% were removed from the store) show that even apps from legitimate sources can be compromised.