Symantec Claims Huge Android Malware Scare Discovered, Lookout Says “Hold Your Horses”

Security firm Symantec – famous (or “infamous,” depending on who you are) for their virus protection software on PC – have alerted the world to what they believe is the biggest Android malware scare ever, affecting some 5 million users. They’re calling it “Android.Counterclank,” and it is apparently a spinoff of other malicious software that can access and manipulate sensitive information.

According to them, the malware – found in the list of apps below – can do things like copy notifications, bookmarks and build information, modify the browser’s homepage and more. The code ships inside the affected apps as a package called com.apperhand. As for that list:

| Publisher | Malicious App Title | Category |
| --- | --- | --- |
| iApps7 Inc | Counter Elite Force | Arcade & Action |
| iApps7 Inc | Counter Strike Ground Force | Arcade & Action |
| iApps7 Inc | CounterStrike Hit Enemy | Arcade & Action |
| iApps7 Inc | Heart Live Wallpaper | Entertainment |
| iApps7 Inc | Hit Counter Terrorist | Arcade & Action |
| iApps7 Inc | Stripper Touch girl | Entertainment |
| Ogre Games | Balloon Game | Sports Games |
| Ogre Games | Deal & Be Millionaire | Sports Games |
| Ogre Games | Wild Man | Arcade & Action |
| redmicapps | Pretty women lingerie puzzle | Photography |
| redmicapps | Sexy Girls Photo Game | Lifestyle |
| redmicapps | Sexy Girls Puzzle | Brain & Puzzle |
| redmicapps | Sexy Women Puzzle | Brain & Puzzle |

Rival Lookout Mobile Security says that there may not be much to worry about, though. They say that the software may simply be a very aggressive advertising tool.

It’s believed that this ad-serving SDK is derived from “ChopCheec” or “Plankton” from yesteryear. “Apperhand,” according to them, is a cleaned-up version of those SDKs, reworked to satisfy those concerned about the capabilities the earlier SDKs had and the privacy risk they posed. Lookout agrees that the platform is still too aggressive for their liking, but they’re not so sure that anything malicious is going on.

  1. It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
  2. The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
  3. The SDK drops a search icon onto the desktop. Again, we consider this bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe. In this case, it is simply a link to a search engine.
  4. The SDK also has the capability to push bookmarks to the browser. In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.

So there it is. Lookout says they will continue to investigate the matter, but I’d still advise you guys to steer clear of the apps listed above in the meantime, even if most of them are apps you probably wouldn’t be caught downloading. [Symantec, Lookout, thanks to everyone who sent this in!]
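One way to check an APK for the com.apperhand package mentioned above, as an added example that is not from the original article, Symantec or Lookout: it walks the string table of each classes*.dex and reports class descriptors under that package. The sample class names and the `build_sample_apk` helper are constructed for illustration, and a renamed or obfuscated copy of the SDK would not match.

```python
import io
import struct
import zipfile

PREFIX = b"Lcom/apperhand/"  # com.apperhand written as a DEX type-descriptor prefix

def dex_strings(dex):
    """Yield each entry of a DEX file's string table as raw MUTF-8 bytes."""
    if dex[:4] != b"dex\n":
        return
    count, table_off = struct.unpack_from("<II", dex, 0x38)  # string_ids_size, string_ids_off
    for i in range(count):
        (pos,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        while dex[pos] & 0x80:  # skip the ULEB128 length that precedes the string bytes
            pos += 1
        yield dex[pos + 1:dex.index(b"\x00", pos + 1)]

def find_sdk_classes(apk, prefix=PREFIX):
    """Return sorted class descriptors under `prefix` found in an APK's classes*.dex files."""
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            try:
                for s in dex_strings(zf.read(name)):
                    if s.startswith(prefix) and s.endswith(b";"):
                        hits.add(s.decode("utf-8", "replace"))
            except (struct.error, IndexError, ValueError):
                continue  # malformed DEX: skip this entry rather than abort the scan
    return sorted(hits)

def build_sample_apk(strings):
    """Constructed input: a zip whose classes.dex holds only a header and a string table."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    ids, blob, base = b"", b"", 0x70 + 4 * len(strings)
    for s in strings:  # each sample string must be under 128 bytes (one-byte length)
        ids += struct.pack("<I", base + len(blob))
        blob += bytes([len(s)]) + s + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", bytes(header) + ids + blob)
    return buf

if __name__ == "__main__":
    sample = build_sample_apk([b"Lcom/apperhand/Example;", b"Lcom/example/Main;"])
    print(find_sdk_classes(sample))
```

A match only shows that the SDK is bundled in the app; it says nothing about which of the behaviours described above that build actually uses.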
