Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Symantec claims largest ever Android malware find

Five million users downloaded infected apps, claims security researcher

Article comments

The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google's Android Market, according to Symantec.

Dubbed "Android.Counterclank" by Symantec, the malware was packaged in 13 different apps from three different publishers, with titles ranging from "Sexy Girls Puzzle" to "Counter Strike Ground Force". Many of the infected apps were still available on the Android Market at time of writing.

"They don't appear to be real publishers," said Kevin Haley, a director with Symantec's security response team. "These aren't re-bundled apps, as we've seen so many times before."

Haley was referring to a common tactic by Android malware makers to repackage a legitimate app with attack code, then re-release it to the marketplace in the hope that users will confuse the fake with the real deal.

Symantec estimated the impact by combining the download totals, which the Android Market shows as ranges, of the 13 apps, arriving at a figure between one million on the low end and five million on the high. "Yes, this is the largest malware [outbreak] on the Android Market," said Haley.

Android.Counterclank is a Trojan horse that when installed on an Android smartphone collects a wide range of information, including copies of the bookmarks and the handset maker. It also modifies the browser's home page. The hackers have monetised the malware by pushing unwanted advertisements to compromised Android phones.

Although the infected apps request an uncommonly large number of privileges, something that the user must approve, Haley argued that few people bother reading them before giving their okay.

"If you were the suspicious type, you might wonder why they're asking for permission to modify the browser or transmit GPS coordinates," said Haley. "But most people don't bother."

Android.Counterclank is a minor variation on an older Android Trojan horse called Android.Tonclank that was discovered in June 2011.

Some of the 13 apps that Symantec identified as infected have been on the Android Market for at least a month, according to the revision dates posted on the e-store. Symantec, however, discovered them only yesterday.

Users had noticed something fishy before then.

"The game is decent... but every time you run this game, a search icon gets added randomly to one of your screens," said one user after downloading "Deal & Be Millionaire" application. "I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page."

Android users have hammered one of the infected apps with low review scores, calling it 'crap'. All 13 suspected apps are free for the downloading.

Symantec's researchers have told Google of their discovery, said Haley. Google, however, did not immediately reply to questions and a request for confirmation on the security firm's claims.

Haley said Symantec's researchers are still "peeling back the layers of the onion," and added that the company would publish more information on the threat as it unearthed details. "What's interesting here is that instead of taking legitimate apps, [malware authors] have created apps similar to legitimate ones," said Haley. "That, and the big numbers of downloads, of course."

Symantec has published a list of the 13 infected apps on its website.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *