What are the most common kinds of Android malware?

With over 2 billion monthly active devices, Android is one of the biggest operating systems in the world. However, with such a wide audience, it’s also quickly becoming a target for cyber-criminals who have developed malware and other malicious software for the platform.

Here’s a quick introduction to some of the most common kinds of Android malware.


Hummingbad is one of the most prolific malware that affects Android users. According to According to security company Check Point, it accounts for over 72% of all mobile infections.

Discovered in 2016, Hummingbad often appears on devices via a sort-of drive-by download-based attack that tries to gain access to trick users into giving it root privileges via a fake system update notification. Once it’s done this, it tries to download as many malicious apps as possible to a user's device.

Hummingbad then feeds you fake ads which, when closed, trigger additional malicious installations. It can even imitate clicks on buy, install, and accept buttons within the Google Play store itself.


Hiddad is a trojan style piece of malware that’s proved a recurring thorn in the side of Google’s Play Store for some time now. In the past, Hiddad has been disguised as YouTube content downloader apps like tube.mate and Snaptube. It’s also masqueraded as innocuous things like a photo editor and even an internet speed-test app.

However, once installed, it continually floods users with malicious ads while also doing everything it can to make getting rid of it a pain, even renaming its installation to ‘Download Manager’.  

Google has repeatedly removed instances of the malware making its way onto the store but it continues to return in various forms.


Like the name might suggest, SpyDealer is the kind of surveillance-malware that you’d expect to see in some kind of espionage thriller starring Matt Damon. This piece of Android malware steals data from more than 40 popular communications and social media apps including including Skype, Facebook, WhatsApp and even some versions of Firefox.

According to Palo Alto Networks, the malicious software can spy on victims' call histories, contacts, Wi-Fi information and even location, all by exploiting the Android’s native accessibility feature.

Discovered in 2017, SpyDealer can answer and record phone calls, audio clips and video footage. It can also take screenshots or photos using the device's front and rear camera.

Though SpyDealer predominantly affects older versions of Android, Google has quickly acted to implement protections in more recent versions of the OS.