Subscribe to CIO Magazine »

Widely distributed Android malware hidden in adult games

Over one million infected Android devices infected with 'Counterclank' malware according to Symantec.

A recently discovered piece of malware could be hidden in over one million Android devices, making it the most highly distributed piece of mobile malware identified this year, according to Symantec.

On a blog post on the Symantec web site last week, the security company says the Android.Counterclank malware is installed on between one million and five million devices.

The bot-like software is grafted on to vector applications using a package called Apperhand, and can recieve and carry out commands remotely, as well as having the potential to steal data from infected devices.

Symantec has so far identified 13 gaming apps from multiple developers carrying the malware, including several with sexual themes.

A quick look on the Android Market for one such game, Sexy Girls Puzzle by redmicapps, has over 5000 downloads. Another game, Ballon Game by Ogre Games, has over 500,000 downloads and a four star rating.

Symantec says users can identify if they are infected by looking at their running processes for a service called ‘apperhand’, or if they notice a new search icon above the homescreen.

However, mobile security company Lookout doubts the claim by Symantec that the Apperhand package is malware, and says instead it is a particularly agressive piece of adware.

Lookout has determined the Apperhand package to be a part of a software development kit (SDK) used by third-party app developers to monetise their apps through ad revenue.

Devices with Apperhand have their searches redirected through, which offers app developers monetary compensation for the service.

In a response to the Symantec post, Lookout says “At this point, it appears that what we’re seeing is an example of an ad network that pushes the lines of privacy.”

Lookout claims the features shown by the Android.Counterclank and Apperhand packages are not dissimilar to those found in other ad network SDKs, like Planktoon or ChoopCheec.

“Almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar.”

Symantec acknowledged the criticism on its initial blog post with another blog post yesterday, saying this was arguing the semantics of what does and does not constitute malware.

“When classifying applications, our focus is on whether users want to be informed of the application's behaviour, allowing them to make a more informed choice regarding whether to install it,” says Symantec.

“The situation we find ourselves in is similar to when Adware, Spyware, and Potentially Unwanted Applications first made appearances on Windows. Many security vendors did not initially detect these applications, but eventually, and with the universal approval of computer users, security companies chose to notify users of these types of applications.”

Features of Apperhand package (from Symantec blog):

ACTIVATION – Causes a webpage to be displayed. The feature appears to be designed to display a webpage with a EULA (end-user license agreement), but our testing was unable to reproduce applications showing such a page.

HOMEPAGE – Sets the browser’s homepage.

BOOKMARKS – Create or request bookmarks. In our testing, we have seen this feature actively used to send all the bookmarks of a device to

SHORTCUTS – Create shortcuts on the home screen.

Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
  • The Future of IT: From Chaos to Service Automation
    Technology has become the heart and soul of every business, but IT workload and system complexity become more challenging. This whitepaper details the future of IT, the major challenges facing CIOs, and the three ways to transform IT so CIOs can lead the way.
    Learn more »
  • Oracle Fusion Financials Cloud Service
    Modern organizations are under intense pressure to provide accurate, reliable, and speedy financial information to business decision-makers. Furthermore, complying with global standards has become more of a headache than ever before. How do you know if financial management in the cloud is right for you? This data sheet takes an inside look at Oracle Fusion Financials Cloud Service, exploring key product features as well as financial management benefits your organization can realize quickly, including: Lower transaction processing costs and fewer data entry errors; Automated financial processing; Effective management control; Real-time visibility to financial results; Improved compliance; and more Get everything you need to meet financial compliance and improve your bottom line.
    Learn more »
  • How to Successfully Select an ERP System
    An Enterprise Resource Planning (ERP) system is a series of software applications that collect and compiles data from different departments to enhance collaboration and co-ordination within the business. If you’re looking to implement your first ERP system, or to upgrade from an existing system, this whitepaper offers eight simple steps for selection that will lead to long-term strategic success.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments