Rogue Mobile Ads Threaten U.S. Smartphone Users

Contributing Writer

The next wave of cybercriminals might not technically be criminals at all, according to a report by mobile security company Lookout.

The new report shows that in 2013, although Android malware continues to grow, it was outstripped in the United States and Canada by two other contenders: adware and chargeware.

MORE: Mobile Security Guide: Everything You Need to Know

Adware is software that displays ads on the devices to which it's downloaded, thus generating a steady stream of revenue for its creator and, usually, annoying the device owners. Adware is most often found embedded in other apps, thanks to partnerships between the app developers and the ad companies, says Lookout.

You're five times as likely to encounter adware as you are typical malware, according to Lookout's report. The company's study found that 25 percent of surveyed U.S. Android users had encountered it on their phones.

From the end user perspective, most adware is annoying at worst, but Lookout warns that some advertisers use adware to gather sensitive information off your phone, such as your phone number, device ID, email address or browser history. 

You can avoid most adware by only downloading Android apps from the Google Play store, whose recently employed strict advertisement policies have been very successful at curbing Android-based adware.

The second most common mobile threat, which 5.3 percent of polled U.S. mobile users encountered,  is chargeware, or mobile applications that hit users with small, hidden fees without the user's knowledge and make it difficult to unsubscribe. 

"Chargeware are typically racy porn apps that are intentionally very unclear about how much they charge users. As a result, people often unknowingly run up huge fees," said Lookout in a statement, adding that chargeware is common in Western Europe where strict laws against premium SMS fraud have led criminals to branch out.

Both adware and chargeware operate in what Lookout describes as a legal gray area: These types of software don't technically break the law, but they do intentionally misdirect, or outright trick, users about their true functions.

"We suspect that chargeware remains the most lucrative method of monetizing in Western Europe because it's not explicitly illegal and Premium SMS is a more established way of paying for things in Western Europe than in the US. As a result, people are used to agreeing to these terms from their smartphone," Jeremy Linden, Lookout's security product manager, told Tom's Guide.

Malware came in as the third most commonly encountered Android risk, encountered by just 4.22 percent of polled U.S. mobile users.

But that doesn't mean malware is harmless: Lookout's report also found that, instead of trying to hit large numbers of people with a single type of malware, criminals are starting to modify existing types of malware to perform highly specific tasks.

This means that, with very little coding, criminals can tweak and hone an existing malicious program into something new that can evade detection.

Some other countries had very different profiles. In Britain and Spain, the rates of chargeware infection nearly matched those of adware; in Russia, malware infected a whopping 75 percent of all phones, while adware infected half that number.

The least infected country surveyed was Japan, with an adware infection rate of less than 10 percent and malware and chargeware rates that were nearly imperceptible.

The report is based on data from people who had Lookout's app downloaded to their Android device throughout 2013.

Email or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.