Kaspersky’s latest Android malware report makes interesting reading but not for the right reasons. The report highlights that the number of malicious programs targeting Google’s Android mobile operating system rose to over 14,900 in the second quarter, up from 5,400 or 275 per cent, from the previous quarter. These reports though, just don’t add up. Here is why.
There are two aspects of this mobile malware report that remain remain far from transparent. Kaspersky (they are not the only ones) is unable to determine the AFCPU (Actual Fraudulent Cost Per User). What is the financial impact of this Android malware on these users and organizations? I know none of the security vendors in my network have any idea on the fraudulent cost per user – so ask yourself why not? They don’t have the answer to this nor do I right now. Maybe the carriers or banks can help us? We might just find PRS (Premium Rate Service) SMS fraud is where most of the financial loss is occurring. Right now, we just do not know. Another aspect for me is the ‘global’ nature of this report. If I was to break down the 14,900, I’d say more than 80% of this Android malware probably originated in China, mainly due to the number of third-party Android markets that country is offering. So what next?
I’d really like to understand what the Android (and non-Android) malware threat to the UK and US and or Europe is right now. Over 600m people live in this region, so why are security vendors being so vague with the datasets for these countries? These ‘global’ mobile malware reports just churn out the same data with no actual hard facts nor relevance to mobile users by region and or country. By ‘relevance’ I also mean financial impact. As I said earlier, work out the AFCPU and only then will users be able to take the mobile malware threat more seriously.
Safe surfing folks!