SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
72% of all mobile malware is adware - report
Wed, 18th Mar 2020
FYI, this story is more than a year old

Adware accounts for the vast majority of Android mobile malware, according to statistics released today from Avast.

Mobile adware, or software that hijacks a device in order to spam the user with unwanted ads, accounts for 72% of all mobile malware, the statistics reveal.

The remaining 28% consisted of banking trojans, fake apps, lockers and downloaders, says Avast.

The report also reveals that adware is a rising problem, with its share among all Android malware types having increased by 38% in the past year alone.

Adware usually masquerades as gaming or entertainment apps as they tend to be more popular and therefore have greater potential to spread.

To the average app downloader, the apps may seem harmless, but once they've infected a device they will surreptitiously click on ads in the background. Sometimes, adware also serves ads with malicious content.

Avast outlines two types of adware that are in use today: adware apps, which cause distraction and annoyance; and ad-fraud/ad-clickers, a more malicious type of adware.

Adware apps

These are often gaming, photo or other lifestyle applications that appear benign after installation, but once opened, start spamming the user with ads.

Occasionally this form of adware will start spamming the user with ads outside the application, making it difficult for the user to pinpoint where the ads are coming from.

Ad-fraud/Ad-Clicker 

This happens when downloaded apps run stealthy activities without the user's knowledge. These apps could download an encrypted [.dex] files in the background of a device, and decrypt it to perform actions such as clicking on ads without the user's knowledge, enabling cybercriminals to make money from advertisers.

“No one likes getting served with incessant ads; they're often unwanted and can ruin our enjoyment of an app,” says Avast head of mobile threat intelligence - security Nikolaos Chrysaidos.

“They could also pose a threat to users as cybercriminals can use them as a backdoor to a device – whether it's to make money from advertisers or steal your personal information.

“We've been tracking this issue for a number of years and the increased use of mobile devices is likely fuelling its growth.

 
Tips for preventing adware attacks
  • Only download apps from official app stores, like Google Play, as they have security measures in place to check apps before developers upload them, or from the app's website directly for extra assurance
     
  • Check app ratings of other users in the store, as it's still important to watch out for fakes. If an app has few stars and many negative comments, something might be amiss
     
  • Carefully review the permissions an app requests before downloading an app; if an app requests access to data that it doesn't need in order to function, it might be fraudulent
     
  • Check your banking and credit card statements to identify any unauthorized payments. Cybercriminals will select low-cost subscriptions so they're hard to spot
     
  • Use an antivirus solution on your phone to identify and stop any attempted attacks.