Press releases

Adware accounts for 72% of all mobile malware

Avast Threat Labs intelligence shows the share of Android adware has risen by 38% in the last year

Avast Threat Labs intelligence shows the share of Android adware has risen by 38% in the last year


Prague, Czech Republic / Redwood City, California, March 10, 2020Avast (LSE:AVST), a global leader in digital security products, has found that adware now accounts for the vast majority of Android mobile malware. Statistics gathered between October and December 2019 by Avast’s Threat Lab experts show that adware was responsible for 72% of all mobile malware, and the remaining 28% consisted of banking trojans, fake apps, lockers, and downloaders. 

Mobile adware is software that hijacks a device in order to spam the user with unwanted ads. Avast’s insights indicate that adware is a rising problem, with its share among all Android malware types having increased by 38% in the past year alone. 

Adware often disguises itself in the form of gaming and entertainment apps, or other app types that are trending and therefore are interesting targets with a high potential to spread far. These apps may appear harmless, but once they’ve infected a device they will surreptitiously click on ads in the background. Sometimes, adware also serves ads with malicious content.

There are two main types of adware: adware apps, which cause distraction and annoyance; and ad-fraud/ad-clickers, a more malicious type of adware: 

Adware apps: These are often gaming, photo or other lifestyle applications that appear benign after installation, but once opened, start spamming the user with ads. Occasionally this form of adware will start spamming the user with ads outside the application, making it difficult for the user to pinpoint where the ads are coming from. 

Ad-fraud/Ad-Clicker: This happens when downloaded apps run stealthy activities without the user’s knowledge. These apps could download an encrypted .dex file (dalvik executable files for Android apps) in the background of a device, and decrypt it to perform actions such as clicking on ads without the user’s knowledge, enabling cybercriminals to make money from advertisers. Occasionally, these criminals will subscribe users to premium subscriptions services. A recent example of this is the Joker malware.  

Commenting on the findings, Nikolaos Chrysaidos, Head of Mobile Threat Intelligence & Security at Avast said: “No one likes getting served with incessant ads; they’re often unwanted and can ruin our enjoyment of an app. They could also pose a threat to users as cybercriminals can use them as a backdoor to a device – whether it’s to make money from advertisers or steal your personal information. We’ve been tracking this issue for a number of years and the increased use of mobile devices is likely fueling its growth..” 

Following these simple tips can help prevent mobile adware attacks: 

  • Only download apps from official app stores, like Google Play, as they have security measures in place to check apps before developers upload them, or from the app’s website directly for extra assurance 
  • Check app ratings of other users in the store, as it’s still important to watch out for fakes. If an app has few stars and many negative comments, something might be amiss
  • Carefully review the permissions an app requests before downloading an app; if an app requests access to data that it doesn’t need in order to function, it might be fraudulent
  • Check your banking and credit card statements to identify any unauthorized payments. Cybercriminals will select low cost subscriptions so they’re hard to spot 
  • Use an antivirus solution on your phone to identify and stop any attempted attacks.