More malicious apps were discovered in the first six months of 2013 than in the three years prior, according to software security firm Trend Micro.

The number of apps containing malware reached 718,000 by July, up from 350,000 at the end of 2012.

A majority of the malicious apps sign users up to expensive premium services, charging huge amounts to send or receive text messages, for example.

But recently there has been a big surge in "genuine malware", said Jonathan Oliver, Trend Micro's software architecture director for Australia and New Zealand.

The malicious software exploits Android vulnerabilities to steal sensitive information.

One example called FAKEBANK, spotted in the past couple of months, imitates legitimate banking apps and can steal usernames and passwords.

Cybercriminals generally take genuine apps, insert the malicious software, and sell them on the app store for free or at a discount.

They still perform the original function, but secretly sabotage the phones at the same time.

Android phones are more susceptible than iPhones because their app stores are more open, Oliver said. Apple has more say in what gets on its app store, but it means developers have to share their profits.

Users in poorer countries are particularly vulnerable because their app stores are less regulated and they are drawn to cheaper versions of apps.

But Australians remain a "big target" for cybercriminals, particularly those targeting online banking, because of high mobile internet uptake, Oliver said.