The alleged flood of Android trojans
According to Kaspersky, the number of Android pests has tripled in the second quarter of the year and now stands at an alarming 15,000. However, competitor F-Secure has seen only a moderate increase of about 40 new Android malware threats. The difference is easy to explain though, and has a deliberate method to it.
Kaspersky's number, like that of most anti-virus companies, counts so-called unique samples. Technically, this means that when a new pest appears, a hash value is generated for the program. If this digital fingerprint has not been registered in the company's database, we have a new unique sample. In practice though, a new unique sample could be generated by replacing an "A" with an "a" in the code, producing a new hash value even though the malicious program is functionally unchanged. So, in the second quarter of 2012, 14923 Android trojans landed in the Kaspersky Malware Statistics. This way of counting is practically worthless, but it is still widespread for various reasons – the fact that it is easy to implement is just one of them.
However, F-Secure has, for some time, chosen a more sophisticated approach to how it analyses the pests for its statistics, such as those it presents in its quarterly Mobile Threat Report. It bases its numbers for malware distribution on malware families or variants and therefore provides a much better measurement of the real threat than the inflated unique-sample values. So F-Secure has discovered that in the April to June period, 40 new families or variants of existing families of malware emerged, an entirely realistic number. Both AV vendors agree on one thing though: Android is the preferred mobile platform for digital pests.
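The gap between the two counting methods can be reproduced in a few lines. The following is an added example, not code from the article or from either vendor: it counts the same constructed sample set once by distinct hash and once by content similarity. The byte-shingle/Jaccard grouping is a simplified stand-in for family-level analysis (an assumption, not F-Secure's actual method), and the sample byte strings are constructed.

```python
import hashlib

def unique_sample_count(samples):
    """'Unique samples' statistic: one count per distinct SHA-256 hash."""
    return len({hashlib.sha256(s).hexdigest() for s in samples})

def shingles(data, n=4):
    """Set of overlapping n-byte windows, used as a crude content fingerprint."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a, b):
    """Jaccard similarity of the two shingle sets (1.0 means identical content)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0

def family_count(samples, threshold=0.6):
    """Greedy grouping: a sample opens a new family only if it resembles
    none of the family representatives seen so far."""
    representatives = []
    for s in samples:
        if not any(similarity(s, r) >= threshold for r in representatives):
            representatives.append(s)
    return len(representatives)

def trivial_variants(base, count):
    """Flip the case of one ASCII letter per variant ('A' <-> 'a')."""
    letters = [i for i, c in enumerate(base) if chr(c).isalpha()]
    variants = []
    for i in letters[:count]:
        v = bytearray(base)
        v[i] ^= 0x20
        variants.append(bytes(v))
    return variants

# Constructed stand-ins for two unrelated programs (not real malware code).
BASE_A = b"sendTextMessage(PREMIUM_NUMBER, body); hideIcon(); Assets.load('cfg')"
BASE_B = b"readContacts(); uploadTo(server, contactList); scheduleRetry(3600)"
SAMPLES = ([BASE_A] + trivial_variants(BASE_A, 20) +
           [BASE_B] + trivial_variants(BASE_B, 20))

if __name__ == "__main__":
    print("unique samples:", unique_sample_count(SAMPLES))
    print("families      :", family_count(SAMPLES))
```

Forty single-character edits inflate the hash-based count to 42 while the similarity-based count stays at 2.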