Because of the always connected nature of mobile devices, as well as the unique interfaces they expose, such as short message service (SMS), multimedia messaging service (MMS), and Bluetooth, classes of mobile malware tend to propagate using means unseen in the desktop world. In this paper, we propose a lightweight malware detection system on mobile devices to detect, analyze, and predict malware propagating via SMS and MMS messages. We deploy agents in the form of hidden contacts on the device to capture messages sent from malicious applications. Once captured, messages can be further analyzed to identify a message signature as well as potentially a signature for the malicious application itself. By feeding the observed messages over time to a latent space model, the system can estimate the current dynamics and predict the future state of malware propagation within the mobility network. One distinct feature of our system is that it is lightweight and suitable for wide deployment. The system shows a good performance even when only 10% of mobile devices are equipped with three agents on each device. Moreover, the model is generic and independent of malware propagation schemes. We prototype the system on the Android platform in a universal mobile telecommunications system laboratory network to demonstrate the feasibility of deploying agents on mobile devices as well as collecting and blocking malware-carrying messages within the mobility network. We also show that the proposed latent space model estimates the state of malware propagation accurately, regardless of the propagation scheme. Copyright © 2012 John Wiley & Sons, Ltd.