Better watch out what apps you opt to install on your Android device: It turns out malware-infested software for Google’s mobile operating system is multiplying at an alarming rate.

Security researchers from antivirus software firm G Data have discovered that more than 750,000 new malicious apps have sprung out during the first quarter of this year, with estimates the total number will grow up to a staggering 3.5 million by the end of 2017.

The report further warns the problem is particularly widespread among devices from third-party phonemakers where software updates that tend to receive software updates less frequently and sometimes with significant delays.

To give you some more context, G Data researchers also note that in comparison to this year, they were able to identify at least 3.2 and 2.3 million infected apps in 2016 and 2015 respectively.

According to their findings, G Data claims malware proliferates most significantly in Android Lollipop and Marshmallow, accounting for two-thirds of all infected apps.

Here is the full breakdown:

Gingerbread (2.3 – 2.3.7): 0.9%

Ice Cream Sandwich (4.0.3 – 4.0.4): 0.9%

Jelly Bean (4.1.x – 4.3): 10.1%

KitKat (4.4): 20.0%

Lollipop (5.0 – 5.1): 32.0%

Marshmallow (6.0): 31.2%

Nougat (7.0 – 7.1): 4.9%

Given that almost nine out of 10 handsets worldwide run on Android, it is hardly surprising that attackers are targeting Google’s OS.

So in case you want to stay out of harm’s way: Make sure you update your phone to the latest version of Android regularly and download apps exclusively from the Play Store.

on G Data Software Blog

Read next: Qualcomm is trying to stop Apple from selling the iPhone in the US