Android apps infect 5 million phones with something bad

Malicious code loaded into 13 applications on the Android Market has infected up to 5 millions phones so far — the largest distribution of malware of any type this year, Symantec reported Jan. 27 on its official blog.

The apps, with titles such as Counter Elite Force, Hit Counter Terrorist and Balloon Game, along with a few racy topics, contain Android.Counterclank a modified version of Android.Tonclank Trojan, Symantec said.

The malware is “a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device,” the blog states.

Related stories:

Why Androids are less secure than iPhones

Android a likely target once mobile crime pays

The malware uses a package called apperhand that attaches to the application, Symantec said. When executed, “a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen,” the blog said.

The applications can copy bookmarks, opt-outs, push notifications and shortcuts; identify the last executed command; modify the browser's home page; and retrieve data such as the Android ID, Media Access Control address and SIM serial number, Symantec said.
Despite all that, and although it has spread quickly, Symantec classifies Andrtoid.Counterclank’s risk level as “very low.”

And another security company contends it’s not even malware, strictly speaking, but an aggressive form of adware.

Lookout Mobile Security says in a blog post that, “we disagree with the assessment that this is malware, although we do believe that the Apperhand SDK is an aggressive form of ad network and should be taken seriously.”

Apperhand shares characteristics seen in aggressive ad networks, including putting search icons onto the screen and delivering ads via the notifications bar, Lookout’s blog states. Malware or not, however, Lookout said that, “The average Android user probably doesn’t want applications that contain Apperhand on his or her phone.”

At least six of the apps, from three different publishers, were still available on the Android Market on Jan. 30, Ars Technica reported.

Ars also notes that a user review from several weeks ago for one of the apps, called Deal or BE Millionaire, raised the question of malicious code.  The reviewer warns other users to "beware malware... every time you run this game, a 'search' icon gets added randomly to one of your screens. I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page," Ars reported.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.