According to Sophos' Graham Cluley, SophosLabs recently used statistics from installations of the Sophos Mobile Security app for Android to determine which malware is most frequently found on Android devices.
"The volume of malware that we've discovered highlights that mobile security is a real and growing problem, especially on Android," Cluley said in a statement. "Criminals are creating more and more targeted malware for different platforms, and smartphone users need to wise up to the fact that security is no longer limited to PCs, but mobiles and tablets are also at risk if not sufficiently protected."
"According to the research, most Android devices become infected having used the practice of side-loading apps a way of installing applications that haven't been approved by Google and are from non-official sources," writes Know Your Mobile's Ben Griffin.
Sophos' top-five list is as follows:
1. Andr/PJApps-C. Most commonly these are paid for apps that have been hacked. They are not necessarily always malicious, but are very likely to be illegal.
2. Andr/BBridge-A. These malicious apps can send and read SMS messages, potentially costing you money. In fact, it can even scan your incoming SMS messages and automatically remove warnings that you are being charged a fee for using premium rate services it has signed you up for.
3. Andr/BatteryD-A. This "Battery Doctor" app falsely claims to save battery life on your Android device. But it actually sends potentially identifiable information to a server using HTTP, and aggressively displays adverts.
4. Andr/Generic-S. These range from privilege escalation exploits to aggressive adware such as variants of the Android Plankton malware.
5. Andr/DrSheep-A. Remember Firesheep? The desktop tool that can allow malicious hackers to hijack Twitter, Facebook and Linkedin sessions in a wireless network environment? Andr/DrSheep-A is the Android equivalent of the tool.
"As always, be safe when browsing online, download apps from authorized sources and scrutinize apps that you install to make sure they aren't asking for excessive permissions," writes PCMag.com's Fahmida Y. Rashid. "Unlike the PC, it's harder to tell when your mobile device has been infected, so it's worth installing a security app."