Security firm Symantec – famous (or “infamous,” depending on who you are) for its virus protection software on PC – has alerted the world to what it believes is the biggest Android malware scare ever, affecting some 5 million users. The company is calling it “Android.Counterclank,” and it is apparently a spinoff of other malicious software that can access and manipulate sensitive information.
According to them, the malware – found in the list of apps below – can do things like copy notifications, bookmarks and build information, modify the browser’s homepage and more. It ships inside the affected apps as a package called com.apperhand. As for that list:
Publisher | Malicious App Title | Category |
iApps7 Inc | Counter Elite Force | Arcade & Action |
iApps7 Inc | Counter Strike Ground Force | Arcade & Action |
iApps7 Inc | CounterStrike Hit Enemy | Arcade & Action |
iApps7 Inc | Heart Live Wallpaper | Entertainment |
iApps7 Inc | Hit Counter Terrorist | Arcade & Action |
iApps7 Inc | Stripper Touch girl | Entertainment |
Ogre Games | Balloon Game | Sports Games |
Ogre Games | Deal & Be Millionaire | Sports Games |
Ogre Games | Wild Man | Arcade & Action |
redmicapps | Pretty women lingerie puzzle | Photography |
redmicapps | Sexy Girls Photo Game | Lifestyle |
redmicapps | Sexy Girls Puzzle | Brain & Puzzle |
redmicapps | Sexy Women Puzzle | Brain & Puzzle |
Rival Lookout Mobile Security says that there may not be much to worry about, though. They say that the software may simply be a very aggressive advertising tool.
It’s believed that this ad-serving SDK is derived from “ChopCheec” or “Plankton” from yesteryear. “Apperhand,” according to them, is a cleaned-up version of those SDKs, reworked to satisfy those concerned about its capabilities and the privacy risk they posed. Lookout agrees that the platform is still too aggressive for their liking, but they’re not so sure that anything malicious is going on. Lookout’s reasoning, in their own words:
- It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
- The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
- The SDK drops a search icon onto the desktop. Again, we consider this bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe. In this case, it is simply a link to a search engine.
- The SDK also has the capability to push bookmarks to the browser. In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.
So there it is. Lookout says they will continue to investigate the matter, but I’d still advise you guys to steer clear of the apps listed above in the meantime, even if most of them are apps you probably wouldn’t be caught downloading. [Symantec, Lookout, thanks to everyone who sent this in!]
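Since the article names the package the SDK ships under (com.apperhand), one way to check an APK for it is to read the string table of each classes*.dex file and list class descriptors under that package. This is an added example, not code from Symantec or Lookout; the class names and the sample APK built in `build_sample_apk` are constructed for the demonstration.

```python
import io
import struct
import zipfile

SDK_PREFIX = "Lcom/apperhand/"  # dex type-descriptor form of package com.apperhand

def dex_strings(dex: bytes):
    """Yield every entry of a dex file's string table (raises on a truncated file)."""
    if len(dex) < 0x70 or dex[:4] != b"dex\n":
        return
    # string_ids_size and string_ids_off live at 0x38 and 0x3C in the dex header
    count, table_off = struct.unpack_from("<II", dex, 0x38)
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        while dex[pos] & 0x80:      # skip the ULEB128 length prefix
            pos += 1
        pos += 1
        end = dex.index(b"\x00", pos)   # string data is NUL-terminated
        yield dex[pos:end].decode("utf-8", errors="replace")

def find_sdk_classes(apk: bytes, prefix: str = SDK_PREFIX):
    """Return sorted class descriptors under `prefix` found in any classes*.dex."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                hits += [s for s in dex_strings(zf.read(name)) if s.startswith(prefix)]
    return sorted(hits)

def build_sample_apk(descriptors):
    """Constructed input: a zip holding a minimal dex (header + string table only)."""
    data_off = 0x70 + 4 * len(descriptors)
    ids, data = b"", b""
    for d in descriptors:
        raw = d.encode()
        ids += struct.pack("<I", data_off + len(data))
        data += bytes([len(raw)]) + raw + b"\x00"  # lengths < 128 fit one ULEB128 byte
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(descriptors), 0x70)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", bytes(header) + ids + data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed class names; only the com.apperhand package name comes from the article.
    apk = build_sample_apk(["Lcom/apperhand/ConstructedExample;", "Lcom/example/game/Main;"])
    print(find_sdk_classes(apk))
```

A hit only shows that the SDK is bundled; whether that counts as malware or aggressive adware is the disagreement between Symantec and Lookout described above.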
With the exception of the “counter” arcade action games, as they may seem genuine by the name alone, who the hell downloads apps relating to “Sexy Girl Puzzle/Picture/Sudoku” etc.? For God’s sake, you deserve to have your handset infected with malware for being ignorant and dumb to download such an app. Are people really that desperate? Obviously standard puzzles aren’t stimulating enough for the brain lol. Simple really, read the feedback, check ratings etc. General rule of thumb for me is if it has no ratings/feedback, yet somehow has 5 stars, just leave it alone. Come back another day and see if there’s any changes! Failing that, google the app in question! This applies whether that be Android or iOS!
I agree with everything except pushing bookmarks not being malware. The rest is really just crapware (for lack of a better term). However, pushing bookmarks is something I have personally seen MANY different types of PC malware do. I don’t see why it should be classified any different on a phone.
Please, for the love of God, take some journalism and writing courses. This is a horribly written article blending your opinion with what appears to come from Lookout. Actually impassible to separate the 2!
“may be”?!
Horrible horrible reporting.
shut up.
we are so use to the fact that this site is not CNN or Wall Street journal type reporting that we are numb. get with it! /s
You got me there!
I am use to the poor writing here but this article absolutely takes the cake
Used to, not use to. Now stop complaining about grammar when you make mistakes in your critical post.
Re-read my post; I wasn’t complaining about grammar.
I never made any of this out to be my own opinion. If you couldn’t realize that through my text then you just need better reading comprehension skills. Where did I personally say that any of this is what I believe to be true? In fact, I’m questioning Lookout’s assessment of the situation along with Symantec’s. No opinion involved at all.
Yeah, you’re right, your routine poor writing and overall journalistic skills are my fault, thanks.
Just wondering Anderson Cooper, what is so wrong with the article? I read the information provided, I was able to ascertain that Symantec is on the malware bandwagon and that Lookout is saying “Slow your roll, son.” I have been reading Phandroid for quite some time now and while I could nit-pick if I wanted, I take it for what it is… a fan site. This site collects the news and rumors around the internet and posts them so I don’t have to hunt for the same info. If the writing bothers you, then exercise your right as a human, and get your news elsewhere.
I think the staff of Phandroid are doing a fine job and thank you for the FREE service you are providing.
lulz… Impassible. Someone got burned by auto-correct! XD
First thing I do when fixing someone’s PC for them is remove all traces of Symantec software. This usually solves 85% of the problems they were having.
In my eyes, Symantec is just as bad as any virus/malware so I don’t pay them any mind when they talk.
Symantec is out for money – they want to be “relevant” because they aren’t.
In fact, it’s a horrible idea to rely on them when it comes to mobile technology, which they have shown to a: misrepresent/mislead and b: not understand.
Hahaha I do the same thing. Symantec and McAfee cause more problems than the viruses themselves. And didn’t Symantec just recently have their source code stolen?
Any app that does stuff you don’t want it to do without your permission is malware. Expand your definition.
Creating bookmarks you didn’t ask for? Malware. Pushing ads to your notification bar? I guess if when you installed or launched the app it told you that it was going to do it, that would be fine under their theory that some people might not mind it… but more often than not you have to struggle to find which app is secretly doing it, and that’s behaving like malware.
Your definition of malware is not reality’s definition of malware. Malware is more along the lines of viruses and harmful software. It’s not a good idea to simply declare something harmful without research into what they’re doing – there is legal precedence for this and it’s also called doing a good job and not being Symantec – and not being alarmist. By your definition, Digsby is malware too – yet people use it all the time.
You can take off the tinfoil hat now.
The app didn’t do any of this without your permissions if you installed it. This isn’t hard. This is like saying “man, I know when I okayed for the guy to steal my phone I didn’t think he was going to actually do it!”
In contrast, Symantec went “DANGER WILL ROBINSON” and since they’re fairly well accredited, it spread around the web as “oh noes malware malware malware android FUD”
Then by your definition FACEBOOK is the biggest form of Malware.
I’m going to have to disagree. iTunes forces you to install stuff you don’t want, but would that be considered malware? yes. badumdum-cha!
But in all seriousness, that statement is too vague. If you can uninstall the program and the push notifications stop, then it was just advertising, albeit highly intrusive. Creating bookmarks, again, advertising.
In all fairness, anyone downloading Sexy Stripper Girl Puzzle Nakedness Extreme Edition 2, kinda is asking for it.
p.s. Sexy Stripper Girl Puzzle Nakedness Extreme Edition 2 on sale NOW for $2.99!!! ;)
Thanks for letting us know what you created. I wouldn’t be surprised if the antivirus firms are the originators of the viruses; without them their whole industry would be gone.
I find it strange that when everyone I know comes to me with problems with a virus, it is usually right after Norton has expired on their PC. I would never trust them.
This may be a farce but it’s coming. Android is too open and becoming too popular for it to not happen. Ice Cream Sandwich could very well be the beginning of the rampage due to the fact that it shores up fragmentation, which most likely helps against malware, spyware, and worse.