Widely distributed Android malware hidden in adult games
- 30 January, 2012 22:00
A recently discovered piece of malware could be hidden in over one million Android devices, making it the most highly distributed piece of mobile malware identified this year, according to Symantec.
In a blog post on the Symantec web site last week, the security company says the Android.Counterclank malware is installed on between one million and five million devices.
The bot-like software is grafted on to vector applications using a package called Apperhand, and can receive and carry out commands remotely, as well as having the potential to steal data from infected devices.
Symantec has so far identified 13 gaming apps from multiple developers carrying the malware, including several with sexual themes.
A quick look on the Android Market shows that one such game, Sexy Girls Puzzle by redmicapps, has over 5000 downloads. Another game, Ballon Game by Ogre Games, has over 500,000 downloads and a four star rating.
Symantec says users can identify if they are infected by looking at their running processes for a service called ‘apperhand’, or if they notice a new search icon above the homescreen.
However, mobile security company Lookout doubts Symantec's claim that the Apperhand package is malware, and says instead it is a particularly aggressive piece of adware.
Lookout has determined the Apperhand package to be a part of a software development kit (SDK) used by third-party app developers to monetise their apps through ad revenue.
Devices with Apperhand have their searches redirected through www.searchwebmobile.com, which offers app developers monetary compensation for the service.
In a response to the Symantec post, Lookout says “At this point, it appears that what we’re seeing is an example of an ad network that pushes the lines of privacy.”
Lookout claims the features shown by the Android.Counterclank and Apperhand packages are not dissimilar to those found in other ad network SDKs, like Planktoon or ChoopCheec.
“Almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar.”
Symantec acknowledged the criticism of its initial blog post in another blog post yesterday, saying this was arguing the semantics of what does and does not constitute malware.
“When classifying applications, our focus is on whether users want to be informed of the application's behaviour, allowing them to make a more informed choice regarding whether to install it,” says Symantec.
“The situation we find ourselves in is similar to when Adware, Spyware, and Potentially Unwanted Applications first made appearances on Windows. Many security vendors did not initially detect these applications, but eventually, and with the universal approval of computer users, security companies chose to notify users of these types of applications.”
Features of Apperhand package (from Symantec blog):
ACTIVATION – Causes a webpage to be displayed. The feature appears to be designed to display a webpage with a EULA (end-user license agreement), but our testing was unable to reproduce applications showing such a page.
HOMEPAGE – Sets the browser’s homepage.
BOOKMARKS – Create or request bookmarks. In our testing, we have seen this feature actively used to send all the bookmarks of a device to apperhand.com.
SHORTCUTS – Create shortcuts on the home screen.