Smartphone infection rates nearly doubled during the first half of this year, from 0.25 percent to 0.49 percent compared to the second half of 2015, according to a report released today by Nokia.
Nokia provides endpoint malware detection services to major mobile carriers and covers 100 million devices around the world, with the exception of China and Russia, said Kevin McNamee, director of the Nokia Threat Intelligence Lab.
Android is the most targeted device, accounting for 74 percent of the infections.
IPhones accounted for 4 percent and Windows phones did not show up in the statistics, due to their low market share and low infection rates.
The remaining 22 percent of infections were laptops and personal computers connecting via tethered smartphones or WiFi hotspots.
Infection rates varied by month, with a spike in April. Mobile infections hit an all-time high that month, with one out of every 120 smartphones having some form of malware infection, such as ransomware, spyphone applications, SMS Trojans, personal information theft and overly aggressive adware.
But while the infection rate for smartphones went up, the PC infection rate actually went down, McNamee said, possibly due to people spending more of their online time with their phones and tablets.
A continuing trend this year was that of ransomware continuing to move into the mobile space.
"That's a trend that's likely to last for a long time," he said.
In addition, more and more malware is attempting to root smartphones, particularly Android phones.
"That provides it with more functionality," he said. "It allows the malware to make itself more permanent on the device. It can defend itself better against anti-virus tools and against being uninstalled. It can conceal itself."
Of particular interest was the HummingBad malware, which installs itself via drive-by download and roots the device.
It also hooks itself into the Google Play store, he added.
"That's a pretty dangerous place to be," he said. "It can not only install other malware, but it can install it in places you don't expect, so the user doesn't know it's on the device."
Another nasty one is the Viking Horde malware, which turns a phone into part of an ad click fraud botnet.
"It gets on your phone and it lives in the background, and it spends all its life clicking on pay-per-click ads," McNamee said. "It uses up a fair amount of bandwidth, and you can get unexpectedly large bills because this thing spent a lot of time on the net. It's surfing the net on your phone, basically."
Once Nokia detects the malware, the carriers can decide what to do about it.
"Generally speaking, they don't block all traffic from the infected device, but block access to the command-and-control servers," he said. "But it's really up to them, and it varies quite a bit."
The variety of malware types also increased. The number of Android malware samples in the Nokia database increased by 75 percent during the first half of the year.
Sign up for Computerworld eNewsletters.