Symantec Claims Huge Android Malware Scare Discovered, Lookout Says “Hold Your Horses”


Security firm Symantec – famous (or “infamous,” depending on who you are) for their virus protection software on PC – have alerted the world to what they believe is the biggest Android malware scare ever, affecting some 5 million users. They’re calling it “Android.Counterclank”  and is apparently a spinoff of other malicious software that can access and manipulate sensitive information.

According to them, the malware – found in the list of apps below – can do things like copy notifications, bookmarks, build information, modify the browser’s homepage and more. The app can be found as a package in the affected apps called com.apperhand. As for that list:

Publisher Malicious App Title Category
iApps7 Inc Counter Elite Force Arcade & Action
iApps7 Inc Counter Strike Ground Force Arcade & Action
iApps7 Inc CounterStrike Hit Enemy Arcade & Action
iApps7 Inc Heart Live Wallpaper Entertainment
iApps7 Inc Hit Counter Terrorist Arcade & Action
iApps7 Inc Stripper Touch girl Entertainment
Ogre Games Balloon Game Sports Games
Ogre Games Deal & Be Millionaire Sports Games
Ogre Games Wild Man Arcade & Action
redmicapps Pretty women lingerie puzzle Photography
redmicapps Sexy Girls Photo Game Lifestyle
redmicapps Sexy Girls Puzzle Brain & Puzzle
redmicapps Sexy Women Puzzle Brain & Puzzle

Rival Lookout Mobile Security says that there may not be much to worry about, though. They say that the software may simply be a very aggressive advertising tool.

It’s believed that this ad-serving SDK is derived from “ChopCheec” or “Plankton” from yesteryear. “Apperhand,” according to them, is a cleaned up version of those SDKs as it had to be reworked to satisfy those concerned about the sort of capabilities had and the privacy risk. Lookout agrees that the platform is still too aggressive for their liking but they’re not so sure that anything malicious is going on.

  1. It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
  2. The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
  3. The SDK drops a search icon onto the desktop. Again, we consider bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe.  In this case, it is simply a link to a search engine.
  4. The SDK also has the capability to push bookmarks to the browser.  In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.

So there it is. Lookout says they will continue to investigate the manner but I’d still advise you guys to steer clear of the apps listed above in the meantime, even if most of them are apps you probably wouldn’t be caught downloading. [Symantec, Lookout, thanks to everyone who sent this in!]

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

Samsung Epic 4G 2 (SPH-D705) Shows Up In Cellbrite System – Where’s It Headed?

Previous article

Official Formspring for Android Application Now Available

Next article

You may also like


  1. With the exception of the “counter” arcade action games, as they may seem genuine by the name alone, who the hell downloads apps relating to “Sexy Girl Puzzle/Picture/Sudoku etc? For gods sake you deserve to have your handset infected with Malware for being ignorant and dumb to download such an app. Are people really that desperate? Obviously standard puzzles arent stimulating enough for the brain lol. Simple really, read the feedback, Check ratings etc. General rule of thumb for me is if it has no ratings/feedback, yet somehow has 5 stars, just leave it alone. Come back another day and see if there’s any changes! Failing that, google the app in question! This applies whether that be Android or ios!

  2. I agree with everything except pushing bookmarks not being malware. The rest it really just crapware. (for lack of a better term) However, pushing bookmarks is something I have personally seen MANY different types of PC malware do. I don’t see why it should be classified any different on a phone.

  3. please for the love of god take some journalism and writing courses. this is a horribly written article blending your opinion with what appears to come from lookout. Actually impassible to separate the 2!
    “may be”?!
    Horrible horrible reporting.

    1. shut up.
      we are so use to the fact that this site is not CNN or Wall Street journal type reporting that we are numb. get with it! /s

      1. You got me there!
        I am use to the poor writing here but this article absolutely takes the cake

        1. Used to, not use to.  Now stop complaining about grammar when you make mistakes in your critical post.

          1. re read my post I wasn’t complaining about grammar

    2. I never made any of this out to be my own opinion. If you couldn’t realize that through my text then you just need better reading comprehension skills. Where did I personally say that any of this is what I believe to be true? In fact, I’m questioning Lookout’s assessment of the situation along with Symantec’s. No opinion involved at all.

      1. yeah your right your routine poor writing and overall journalistic skills are my fault thanks

        1.  Just wondering Anderson Cooper, what is so wrong with the article?  I read the information provided, I was able to ascertain that Symantec is on the malware bandwagon and that Lookout is saying “Slow your roll, son.”  I have been reading Phandroid  for quite some time now and while I could nit-pick if I wanted, I take it for what it is… a fan site.   This site collects the news and rumors around the internet and posts them so I don’t have to hunt for the same info.  If the writing bothers you, then exercise your right as a human, and get your news elsewhere. 

          I think the staff of Phandroid are doing a fine job and thank you for the FREE service you are providing.

    3.  lulz… Impassible.   Someone got burned by auto-correct!  XD

  4. First thing I do when fixing someones PC for them is remove all traces of Symantec software. This usually solves 85% of the problems they were having.

    In my eyes, Symantec is just as bad as any virus/malware so I don’t pay them any mind when they talk.

    1. symantec is out for money – they want to be “relevant” because they aren’t.

      In fact, it’s a horrible idea to rely on them when it comes to mobile technology which they have shown to a: misrepresent/mislead and b: not understand.

    2. Hahaha I do the same thing. Symantec and McAfee cause more problems than the viruses themselves. And didn’t symantec just recently have their source code stolen?

  5. Any app that does stuff you don’t want it to do without your permission is malware.  Expand your definition.  

    Creating bookmarks you didn’t ask for?  Malware.  Pushing ads to your notification bar?  I guess if when you installed or launched the app it told you that it was going to do it, that would be fine under their theory that some people might not mind it… but more often than not you have to struggle to find which app is secretly doing it, and that’s behaving like malware.

    1. your definition of malware is not reality’s definition of malware. Malware is more along the lines of viruses and harmful software.  It’s not a good idea to simply declare something harmful without research into what they’re doing – there is legal precedence for this and it’s also called doing a good job and not being symantec – and not being alarmist. By your definition, digsby is malware too – yet people use it all the time.

      You can take off the tinfoil hat now.

      The app didn’t do any of this without your permissions if you installed it. This isn’t hard. This is like saying “man, I know when I okayed for the guy to steal my phone I didn’t think he was going to actually do it!”

      In contrast, Symantec went “DANGER WILL ROBINSON” and since they’re fairly well accredited, it spread around the web as “oh noes malware malware malware android FUD”

    2. Then by your definition FACEBOOK is the biggest form of Malware.

    3.  I’m going to have to disagree.  iTunes forces you to install stuff you don’t want, but would that be considered malware?  yes.  badumdum-cha!

      But in all seriousness, that statement is too vague.  If you can uninstall the program and the push notifications stop, then it was just advertising, albeit highly intrusive.  Creating bookmarks, again, advertising. 

      In all fairness, anyone downloading Sexy Stripper Girl Puzzle Nakedness Extreme Edition 2, kinda is asking for it.

      p.s. Sexy Stripper Girl Puzzle Nakedness Extreme Edition 2 on sale NOW for $2.99!!!  ;)

  6. Thanks for letting us know what you created, I wouldn’t be surprised if the anti virus firms are the originators of the viruses without them their whole industry would be gone

  7. I find it stange that when everyone I know comes to me with problems with a virus, it is usualy right after norton has expired on their pc. I would never trust them.

  8. This may be a farce but it’s coming.  Android is too open and becoming to popular for it to not happen.  Ice cream sandwich could very well be the beginning of the rampage due to the fact that it shores up fragmentation, which most likely helps against malware, spyware, and worse.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apps