You're not paying attention. Just one of those 65,557 malware variants (in this case Eurograbber) sucked $47 million from the bank accounts of 30,000 Android users - that's not a "few thousand users" or a "few million dollars" even by itself, let alone when you add the million Android users infected by Ghost Push or Bmaster or the tens of thousands of other malware variants infecting 32.8 million Android devices just in 2012 alone. And those are just a few of the malicious Android exploits from the first page of a Google search for financially impactful Android malware.
Then there's the Asacub Trojan that targets banks in the USA as well as elsewhere, FakePlayer (sends SMS messages to premium-rate numbers), Geinimi, DroidDream, DroidKungFu, Plankton, etc etc. The list is endless. No wonder Symantec reports that 17% of Android apps are malware in disguise.
You still haven't explained what you mean by "Android wasn't included as a potential target until 2015".
And no comment on your failed attempt at besmirching iOS with your reference to the supposed "iOS 9 code vulnerability" which had nothing to do with the topic at all?
And still no comment on the 87.7% of Android devices on average that Cambridge reports are wide open to malicious attack thanks to Android's broken update architecture or the 18 months it takes a pathetic 20% of the Android platform to be patched for critical vulnerabilities while the remaining 80% are sitting ducks completely unpatched to critical vulnerabilities going back years?
Interesting that you continue to be unsuccessful in dredging up any iOS users financially impacted by any malicious exploits after all this time.
It's quite apparent why Cisco, F-Secure and Kaspersky all report that Android users are the targets of 97-99% of the mobile malware in the world - it's the actual truth.
You're not paying attention. Just one of those 65,557 malware variants (in this case Eurograbber) sucked $47 million from the bank accounts of 30,000 Android users
No, that's simply what you'd like to everyone to believe. You're the only one claiming it all was due to Android. Why? Well of course to reflect as badly as possible on Android alone is the only reason I can think of, accuracy taking a backseat. So obvious hyperbole it is.
Regarding my 2015 mention that's what I get for taking what Symantec writes at face value. I relied on a malware report from them dated 2015 and failed to understand at the time what they were reporting on: "While Zitmo isn't new, this Android variant is. Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for a several months," They were actually referring to what you found from 2012. My mistake and thanks for pointing it out.
I also already commented on the "iOS code vulnerability" headline. That you failed to see I wrote it had nothing to do with Apple themselves rather than "besmirching iOS" isn't my problem. Or perhaps you did read it but have other reasons for saying now I had done so. Try reading the post again.
You said: "Interesting that you continue to be unsuccessful in dredging up any iOS users financially impacted by any malicious exploits after all this time." Well, I hadn't looked until you brought it up. Perhaps Oleg Pliss? Probably a few dollars there. Masque Attack certainly has potential too. The capabilities of XCodeGhost are still morphing. But exploits/malware that steal money aren't very prevalent on mobile platforms in the first place whether it be Android, iOS or "other".
Anyway the increasingly pithy responses aren't serving any purpose at this point. Suffice to say that a platform with well over a billion active users but suffering a malicious malware rate of less than 0.001% up to one-half of one percent depending on whose malware (mis)report you read sounds relatively safe to me, particularly compared to a desktop OS.
Finally you still don't get, or at least wish to acknowledge for your own reasons, that simply being a target doesn't mean you were hit.
'nuff said on the issue as far as I'm concerned. Facts are becoming ever less important while exaggeration is taking over.
But exploits/malware that steal money aren't very prevalent on mobile platforms in the first place whether it be Android, iOS or "other".
Anyway the increasingly pithy responses aren't serving any purpose at this point. Suffice to say that a platform with well over a billion active users but suffering a malicious malware rate of less than 0.001% up to one-half of one percent depending on whose malware (mis)report you read sounds relatively safe to me, particularly compared to a desktop OS.
Still no actual evidence of financial impact affecting iOS users compared to the multitude of reports about Android users losing millions of dollars - just supposition on your part eh?
Meanwhile, Businessreporter dot co dot uk reports:
"Half of Android malware attacks financial transactions
2 Jul 2015. An increase in online transactions via smartphones and tablets has resulted in an surge in financially-motivated malware.
"With developments in technology, mobile banking is on the increase: 41 per cent of Europeans carry out their banking transactions on a smartphone or tablet. The malware takes the form of coerced subscriptions via premium SMS or calls, extortion via ransomware and remote control of money transfers. G DATA Mobile Solutions product manager Christian Geschkat said: “The use of smartphones and tablets for online banking is increasing rapidly."
“With its dominant marketing position, the Android operating system in particular is coming to the attention of cyber criminals.” The company’s report found that the first quarter of 2015 saw 440,000 new Android malware strains. Compared to the first quarter of 2014, this number has risen by 21 per cent. The software used to attack users accounts include banking Trojans and SMS Trojans. The Svpeng Android Trojan and The FakeToken banking Trojan are two malware systems that G DATA’s includes in its report."
So much for your contention that "exploits/malware that steal money aren't very prevalent on mobile platforms" and look how much Android malware production is accelerating each year (while iOS malware remains almost completely absent in comparison).
And you still won't admit that having 87.7% of the Android user base suffering from un-pathched critical vulnerabilities is a problem for Android or that Google and the Android platform should be utterly condemned for it taking 1-2 years for a measly 20% of the Android user base to be patched while the remaining 80% is never patched for all critical vulnerabilities. Talk about a head in the sand attitude.
ps. I just re-read your comment about that iOS 9 code vulnerability and I realise now you were using it as an example of bad reporting - I apologise for mis-understanding your point there. However, it was a mis-placed point you made as all of the examples I have given are issues of substance, not editorial license based on a single headline.
Anytime I read headlines like this, like the one about the Microsoft Surfaces being blamed, I look to see if Daniel Eran Dilger is the author. I'm a fan of Apple fan, but not by overly biased articles unsubstantiated by evidence.
Comments
Then there's the Asacub Trojan that targets banks in the USA as well as elsewhere, FakePlayer (sends SMS messages to premium-rate numbers), Geinimi, DroidDream, DroidKungFu, Plankton, etc etc. The list is endless. No wonder Symantec reports that 17% of Android apps are malware in disguise.
You still haven't explained what you mean by "Android wasn't included as a potential target until 2015".
And no comment on your failed attempt at besmirching iOS with your reference to the supposed "iOS 9 code vulnerability" which had nothing to do with the topic at all?
And still no comment on the 87.7% of Android devices on average that Cambridge reports are wide open to malicious attack thanks to Android's broken update architecture or the 18 months it takes a pathetic 20% of the Android platform to be patched for critical vulnerabilities while the remaining 80% are sitting ducks completely unpatched to critical vulnerabilities going back years?
Interesting that you continue to be unsuccessful in dredging up any iOS users financially impacted by any malicious exploits after all this time.
It's quite apparent why Cisco, F-Secure and Kaspersky all report that Android users are the targets of 97-99% of the mobile malware in the world - it's the actual truth.
Regarding my 2015 mention that's what I get for taking what Symantec writes at face value. I relied on a malware report from them dated 2015 and failed to understand at the time what they were reporting on:
"While Zitmo isn't new, this Android variant is. Zitmo has been used by the ZeuS gang to defeat SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for a several months,"
They were actually referring to what you found from 2012. My mistake and thanks for pointing it out.
I also already commented on the "iOS code vulnerability" headline. That you failed to see I wrote it had nothing to do with Apple themselves rather than "besmirching iOS" isn't my problem. Or perhaps you did read it but have other reasons for saying now I had done so. Try reading the post again.
You said: "Interesting that you continue to be unsuccessful in dredging up any iOS users financially impacted by any malicious exploits after all this time."
Well, I hadn't looked until you brought it up. Perhaps Oleg Pliss? Probably a few dollars there. Masque Attack certainly has potential too. The capabilities of XCodeGhost are still morphing. But exploits/malware that steal money aren't very prevalent on mobile platforms in the first place whether it be Android, iOS or "other".
Anyway the increasingly pithy responses aren't serving any purpose at this point. Suffice to say that a platform with well over a billion active users but suffering a malicious malware rate of less than 0.001% up to one-half of one percent depending on whose malware (mis)report you read sounds relatively safe to me, particularly compared to a desktop OS.
Finally you still don't get, or at least wish to acknowledge for your own reasons, that simply being a target doesn't mean you were hit.
'nuff said on the issue as far as I'm concerned. Facts are becoming ever less important while exaggeration is taking over.
Meanwhile, Businessreporter dot co dot uk reports:
"Half of Android malware attacks financial transactions
2 Jul 2015. An increase in online transactions via smartphones and tablets has resulted in an surge in financially-motivated malware.
"With developments in technology, mobile banking is on the increase: 41 per cent of Europeans carry out their banking transactions on a smartphone or tablet. The malware takes the form of coerced subscriptions via premium SMS or calls, extortion via ransomware and remote control of money transfers. G DATA Mobile Solutions product manager Christian Geschkat said: “The use of smartphones and tablets for online banking is increasing rapidly."
“With its dominant marketing position, the Android operating system in particular is coming to the attention of cyber criminals.” The company’s report found that the first quarter of 2015 saw 440,000 new Android malware strains. Compared to the first quarter of 2014, this number has risen by 21 per cent. The software used to attack users accounts include banking Trojans and SMS Trojans. The Svpeng Android Trojan and The FakeToken banking Trojan are two malware systems that G DATA’s includes in its report."
So much for your contention that "exploits/malware that steal money aren't very prevalent on mobile platforms" and look how much Android malware production is accelerating each year (while iOS malware remains almost completely absent in comparison).
And you still won't admit that having 87.7% of the Android user base suffering from un-pathched critical vulnerabilities is a problem for Android or that Google and the Android platform should be utterly condemned for it taking 1-2 years for a measly 20% of the Android user base to be patched while the remaining 80% is never patched for all critical vulnerabilities. Talk about a head in the sand attitude.
ps. I just re-read your comment about that iOS 9 code vulnerability and I realise now you were using it as an example of bad reporting - I apologise for mis-understanding your point there. However, it was a mis-placed point you made as all of the examples I have given are issues of substance, not editorial license based on a single headline.