Android apps infect 5 million phones with something bad

Malicious code loaded into 13 applications on the Android Market has infected up to 5 millions phones so far — the largest distribution of malware of any type this year, Symantec reported Jan. 27 on its official blog.

The apps, with titles such as Counter Elite Force, Hit Counter Terrorist and Balloon Game, along with a few racy topics, contain Android.Counterclank a modified version of Android.Tonclank Trojan, Symantec said.

The malware is “a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device,” the blog states.

Related stories:

Why Androids are less secure than iPhones

Android a likely target once mobile crime pays

The malware uses a package called apperhand that attaches to the application, Symantec said. When executed, “a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen,” the blog said.

The applications can copy bookmarks, opt-outs, push notifications and shortcuts; identify the last executed command; modify the browser's home page; and retrieve data such as the Android ID, Media Access Control address and SIM serial number, Symantec said.
Despite all that, and although it has spread quickly, Symantec classifies Andrtoid.Counterclank’s risk level as “very low.”

And another security company contends it’s not even malware, strictly speaking, but an aggressive form of adware.

Lookout Mobile Security says in a blog post that, “we disagree with the assessment that this is malware, although we do believe that the Apperhand SDK is an aggressive form of ad network and should be taken seriously.”

Apperhand shares characteristics seen in aggressive ad networks, including putting search icons onto the screen and delivering ads via the notifications bar, Lookout’s blog states. Malware or not, however, Lookout said that, “The average Android user probably doesn’t want applications that contain Apperhand on his or her phone.”

At least six of the apps, from three different publishers, were still available on the Android Market on Jan. 30, Ars Technica reported.

Ars also notes that a user review from several weeks ago for one of the apps, called Deal or BE Millionaire, raised the question of malicious code.  The reviewer warns other users to "beware malware... every time you run this game, a 'search' icon gets added randomly to one of your screens. I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page," Ars reported.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • cybersecure new york city

    Cybersecurity for smart cities: Changing from reactionary to proactive

Reader Comments

Thu, Feb 2, 2012

Where's the solution, now that you have described the problem??

Wed, Feb 1, 2012 Mwright

This is why I own a BlackBerry, most secure mobile device on the market.

Tue, Jan 31, 2012

I'm a little disappointed of a lack of response to eradicating this code by Lookout. Also GCN by not offering a suggestion to checking for and removal of this code. They even suggest it is a bit prolific. I'm thankful for the awareness but where's the final help? Please finish the job you've started.

Tue, Jan 31, 2012

J BearSmith is absolutely on the money. If I didn't ask for it then I don't think it is necessary. Further, suppose the Company creates something like this that is a necessary item to make the application functional. I think this is possible and more hidden. How many of us really know just what all that app does?

Tue, Jan 31, 2012 Cowboy Joe

Unfortunately, what JBear describs above fits mosta' the commercial PC bloatware - not the least of which includes things like MS everything, Adobe products, even a fair share of the Apple offerings ...

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group