The Murky World of “Unknown Sources” Accounts for Majority of Android Malware Installations


Hundreds of thousands of trojan applications are installed on Android devices every day. While some slip through the Google Play Store or come pre-installed, Unknown Sources remain the primary source for the majority of these Android malware installations.

A new study has discovered that tens of millions of applications (both legit and malware) are installed on user devices every day, nearly one-third of which come from sources that cannot be tracked. These unknown sources point to various malware distribution channels, including pornographic web sites, third party links, malware-infected ads, and so on.

Unknown Sources remain the biggest source of Android malware

Researchers scanned data from Clean Master app which scans the APK files whenever a new app is downloaded. "Applications from unknown sources comprise a lot of malware. Data from Clean Master indicates that currently there are three malware which are being installed for over 10,000 times every day," report by Cheetah Mobile Security Research Lab revealed.

Once these trojans manage to root the phone by exploiting the file vulnerabilities, they cause ad popups and trick users into downloading other malicious apps. The analysis revealed that short links and ad links are the main sources of distribution of these trojans, with pornographic web pages being the third largest source.

It is also difficult to get rid of these apps once they are installed because of their root permissions. Most of these trojans manage to root compromised devices and are often updated to avoid getting booted out.

Sources of App Downloads - Unknown Sources account for majority of Android trojan installations

While users are always recommended to disable installation from Unknown Sources from their Android settings, this is not the only source of malware. Researchers at Cheetah Mobile Security Research Lab revealed that many of these Android malware apps also slip into Google Play, or come pre-installed, right out of the box, as was previously reported too. In the Google Play Store, pop up ads "direct users to specific page where it will recommend apps and induce users to download. When users open Google Play, the malware will simulate inputs and install unwanted apps automatically."

The security firm said, except for Android 6.0 Marshmallow and later versions of Android, all previous versions are at risk. Google sends monthly security updates to fix security holes. However, they don't reach out to millions of older Android devices that are not running the latest firmware.

As a security 101, experts have always recommended users to avoid clicking on unknown third-party links or ads, and only download applications from reputable app stores. Go to Settings Security > disable Unknown Sources toggle to avoid app installations from outside of the Play Store.