Malicious software targeting smartphones with the Android operating system is becoming more common, with some handsets already infected when they're bought.
A report by German security firm G DATA found that the samples containing such malware had increased by 25 percent in the second quarter compared with the first three months of the year.
The company's 10th such report, released Wednesday, found that analysts could identify a new strain of malware every 14 seconds.
It says some phones by manufacturers such as Huawei and Xiaomi contain modified apps designed to spy on users or display advertising.
G DATA spokesman Christian Lueg says the phones appear to have been installed by middlemen, but in tracing the source "we lost the trail in China."
Users can detect some malware with free software and set up their phones to avoid more of the bugs, like the "Certifi-gate" vulnerability, by not downloading third-party apps from sources outside the official app store.
Limiting automatic retrieval of messages can also help reduce the chances of unintentionally downloading malware, as was the case with the Stagefright bug -- called "the mother of all Android vulnerabilities" when it was discovered in July.
Though manufacturers and software makers create patches to help fix some of the holes exploited by malware, not all patches will work on every phone since Android users are often running different versions of the operating system.
More than 1.1 billion Android smartphones are expected to ship in 2015, a 79 percent share of the global market, according to a report by the industry analyst IDC.