According to 2018 Malware Forecast released by SophosLabs this week, Android devices affected by ransomware continues to surge up, with number of attacks on Android devices increasing unwaveringly almost every month in 2017.

The number of malicious Android apps has risen steadily in the last four years. In 2013, almost half million of Android apps were malicious. The number continued to ascend in 2015 to just under 2.5 million. As of 2017, up to nearly 3.5 million Android apps were affected by malware.

Roland Yu, SophosLabs security researcher, said that in September alone, more than 30% of the Android malware processed by SophosLabs was ransomware.

On the top Android malware families detected by SophosLabs since the beginning of 2017, Rootnik is the most active. Rootnik is a Trojan horse for Android devices that steals information and downloads additional apps. PornClk comes as the second most active, followed by Axent, SLocker and Dloadr.

Many apps available on the Google Play Store were found to be laced with Rootnik, which was also seen exploiting the DirtyCow Linux vulnerability in late September.

SophosLabs also observed a plummeting number of Potentially Unwanted Applications (PUA) this year. Potentially Unwanted Applications (PUA), although not malicious, are considered unsuitable for business networks. Sophos classified them into five major categories: Adware, dialer, non-malicious spyware, remote administration tools and hacking tools.

The number had risen between 2013 and 2016 but have since dropped to just 1 million in 2017 from 1.4 million in previous years.

SophosLabs documented that Android Skymobi Pay accounted for 38% of all activity this year. Followed by Android Dowgin (16%) and Android Riskware SmsReg (12%).