The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market, Symantec said today.

Dubbed “Android.Counterclank” by Symantec, the malware was packaged in 13 different apps from three different publishers, with titles ranging from “Sexy Girls Puzzle” to “Counter Strike Ground Force.” Many of the infected apps were still available on the Android Market as of 3 p.m. ET Friday.

“They don’t appear to be real publishers,” Kevin Haley, a director with Symantec’s security response team, said in an interview today. “These aren’t rebundled apps, as we’ve seen so many times before.”

Haley was referring to a common tactic by Android malware makers to repackage a legitimate app with attack code, then re-release it to the marketplace in the hope that users will confuse the fake with the real deal.

Symantec estimated the impact by combining the download totals — which the Android Market shows as ranges — of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high. “Yes, this is the largest malware [outbreak] on the Android Market,” said Haley.

Android.Counterclank is a Trojan horse that when installed on an Android smartphone collects a wide range of information, including copies of the bookmarks and the handset maker. It also modifies the browser’s home page.

The hackers have monetized the malware by pushing unwanted advertisements to compromised Android phones.

Although the infected apps request an uncommonly large number of privileges — something that the user must approve — Haley argued that few people bother reading them before giving their okay.

“If you were the suspicious type, you might wonder why they’re asking for permission to modify the browser or transmit GPS coordinates,” said Haley. “But most people don’t bother.”

Android.Counterclank is a minor variation on an older Android Trojan horse called Android.Tonclank that was discovered in June 2011.

Some of the 13 apps that Symantec identified as infected have been on the Android Market for at least a month, according to the revision dates posted on the e-store. Symantec, however, discovered them only yesterday.

Users had noticed something fishy before then.

“The game is decent … but every time you run this game, a ‘search icon gets added randomly to one of your screens,” said one user on Jan. 16 after downloading “Deal & Be Millionaire,” one of the 13. “I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page.”

Android Counterclank

Android users have hammered one of the infected apps with low review scores, calling it ‘crap.’

All 13 suspected apps are free for the downloading.

Symantec’s researchers have told Google of their discovery, said Haley. Google, however, did not immediately reply to questions and a request for confirmation on the security firm’s claims.

Haley said Symantec’s researchers are still “peeling back the layers of the onion,” and added that the company would publish more information on the threat as it unearthed details. “What’s interesting here is that instead of taking legitimate apps, [malware authors] have created apps similar to legitimate ones,” said Haley. “That, and the big numbers of downloads, of course.”

Symantec has published a list of the 13 infected apps on its website.

Categories: News

18 Comments

cenforce 25 · January 19, 2020 at 11:57 am

extremely stand [url=http://cavalrymenforromney.com/#]cenforce 25[/url]
less fat elsewhere suggestion cenforce 100 far total cenforce 25 especially
career http://cavalrymenforromney.com/

womens treatment center chicago · February 25, 2020 at 7:57 pm

codeine withdrawal symptoms stroke recovery prescription drug rehab phoenix rehab grand rapids best alcohol rehab centers east coast

naltrexone for sale uk · March 6, 2020 at 5:01 am

argument lot naltrexone cost originally market almost [url=https://bimatoprostonline.confrancisyalgomas.com/#]bimatoprost for sale[/url] suddenly bid https://naltrexoneonline.confrancisyalgomas.com/

alcohol detox medication · March 12, 2020 at 12:01 pm

ÿþ<

Britnalaf · March 18, 2020 at 5:00 am

[url=https://chloroquinego.com/#]chloroquine bayer[/url]
chloroquine how to take
chloroquine fish
chloroquine wormwood

Britnalaf · March 20, 2020 at 3:51 am

[url=https://chloroquinego.com/#]chloroquine eye[/url]
chloroquine zwangerschap
chloroquine phosphate as
chloroquine kopen belgie

amoxicillin for sale in usa without px · April 9, 2020 at 6:04 am

amoxicillin for sale in usa without px https://amoxycillin1st.com/

generic albuterol inhaler for sale · April 14, 2020 at 12:51 am

where wish [url=https://amstyles.com/#]generic albuterol inhaler for sale[/url] highly king suddenly editor albuterol inhaler for sale generic personally bag generic albuterol
inhaler for sale originally gold https://amstyles.com/

APriommamaphomo · April 19, 2020 at 11:52 pm

buy cialis

acetaminophen walmart · May 1, 2020 at 2:27 am

acetaminophen walmart https://tylenol1st.com/

Aderminhiscess · May 3, 2020 at 5:41 am

generic cialis

Aderminhiscess · May 6, 2020 at 9:38 am

buy cialis

Heenonskercite · May 14, 2020 at 2:27 am

buy clomid online

Heenonskercite · May 18, 2020 at 3:49 pm

buy clomid

Heenonskercite · May 23, 2020 at 11:46 am

clomid 50 mg

buy hydroxychloroquine · May 30, 2020 at 12:56 am

buy hydroxychloroquine https://hydroxychloroquine1st.com/

AbPriommamaphomo · June 22, 2020 at 2:24 pm

buy cialis

Leave a Reply

Your email address will not be published.

error: Content is protected !!!