January 27, 2012 | by Jamie Maltman
Symantec, the makers of Norton, warned today about several different app publishers that have been found to be pushing out Android.Counterclank. This bot-like threat is a new variation of the threat Android.Tonclank. The malicious code is attached in a package called “apperhand” to the main application and when executed it can carry out certain actions and steal information from the device. It can also place a new Search icon on the Home Screen. Take a look at their visual summary here.
When you combine the number of downloads for all these malicious apps you get 1,000,000 to 5,000,000 installations, which is the widest reach reported for any malware yet this year.
The threat is limited to people who have installed apps from the following list (sorted by publisher). You’ll notice that several of the apps are given similar names to legitimate apps. If you have a similarly named app, check the publisher (ex. there are a number of different Hearts Live Wallpaper apps, but the one by iApps7 Inc is the malicious one), because more than likely you have a legitimate app and are not affected.
- Counter Elite Force
- Counter Strike Ground Force
- CounterStrike Hit Enemy
- Heart Live Wallpaper
- Hit Counter Terrorist
- Stripper Touch girl
- Balloon Game
- Deal & Be Millionaire
- Wild Man
- Pretty women lingerie puzzle
- Sexy Girls Photo Game
- Sexy Girls Puzzle
- Sexy Women Puzzle
If you have been affected, Symantec provides removal instructions using their Norton Mobile Security here.
Some of the named apps are still in the Android Market, but will likely be removed soon by Google.
This serves as another reminder to always check the permission requests for carefully for any new app before you install it, especially those made by lesser known publishers. Just because an app is in the Market doesn’t guarantee it is safe, and be especially careful for non-Market apps.
Source: Symantec.com Official Blog