Symantec revealed via blog post that they have identified multiple publisher IDs on the Android Market that are being used to host malware-infected apps. The threat is being classified as the largest distribution of malware to hit Android this year.
The specific threat is known as Android.Counterclank, a slightly modified version of Android.Tonclank that was discovered last summer. The recently discovered Counterclank is a Trojan horse that steals information from infected devices and is being included in the main application in a package called “apperhand”. When the package is run, a service with the same name may be seen running on an infected device. Another sign of infection is the presence of a Search icon on the home screen.
Symantec notes that three publishers were flagged for distributing Counterclank as a package inside apps: iApps7 Inc., Ogre Games and redmicapps. A total of 13 apps between the three distributors are known to be infected, including titles such as Counter Elite Force, Stripper Touch Girl and Balloon Game. The combined apps have a download count of nearly five million.
But not everyone believes that Android.Counterclank is malicious in nature. Lookout Mobile Security openly disagrees with Symantec’s ruling that Counterclank is malware. Instead, they feel that the code is better described as an aggressive ad network that is pushing the lines of privacy. Lookout notes that most users likely wouldn’t want Counterclank on their handset and it should additionally be taken seriously.