Hundreds of thousands of trojan applications are installed on Android devices every day. While some slip through the Google Play Store orcome pre-installed, Unknown Sources remain the primary sourcefor the majority of these Android malware installations.

A new study has discovered that tens of millions of applications (both legit and malware) are installed on user devices every day, nearly one-third of whichcome from sources that cannot be tracked. These unknown sources point to various malware distribution channels, including pornographic web sites, third party links, malware-infected ads, and so on.

Unknown Sources remain the biggest source of Android malware

Researchers scanned data from Clean Master app which scans the APK files whenever a new app is downloaded."Applications from unknown sources comprise a lot of malware. Data from Clean Master indicates that currently there are three malware which are being installed for over 10,000 times every day," report by Cheetah Mobile Security Research Lab revealed.

Once these trojans manage toroot the phone by exploiting the file vulnerabilities,theycause ad popups and trick users into downloading other malicious apps. The analysis revealed that short links and ad links are the main sources of distribution ofthese trojans, with pornographic web pages being the third largest source.

It is also difficult to get rid of these apps once they are installed because of their root permissions. Most of these trojans manage to root compromised devices and are often updated to avoid getting booted out.

Sources of App Downloads - Unknown Sources account for majority of Android trojan installations

While users are always recommended to disable installation from Unknown Sources from their Android settings, this is not the only source of malware. Researchers atCheetah Mobile Security Research Lab revealed that manyof these Android malware apps also slip into Google Play, or come pre-installed, right out of the box, as was previously reported too. In the Google Play Store, pop up ads "direct users to specific page where it will recommend apps and induce users to download. When users open Google Play, the malware will simulate inputs and install unwanted apps automatically."

The security firm said, except for Android 6.0 Marshmallow and later versions of Android, all previousversions are at risk. Google sends monthly security updates to fix security holes. However, they don't reach out to millions of older Android devices that are not running the latest firmware.

As a security 101, experts have always recommendeduserstoavoid clicking on unknown third-party links orads, and only download applications from reputable app stores. Go toSettings>Security> disable Unknown Sources toggle to avoid app installations from outside of the Play Store.