Android.Counterclank Trojan Discovered by Symantec (Update)
There was a short period of silence with regard to malware affecting Google Android-powered devices, but the hackers were obviously hard at work. According to a Symantec report, multiple publishers on the Android Market are pushing out a recent threat named Android.Counterclank.
Android.Counterclank, a variant of Android.Tonclank, is a Trojan horse that steals information. The infected applications come from the publishers iApps7 Inc., Ogre Games, and redmicapps and contain a package called “apperhand” which, once executed, can copy bookmarks on the device, copy opt-out details, copy push notifications, copy shortcuts, identify the last executed command, modify the browser’s home page, and steal build information (such as brand, device, manufacturer, model, OS, etc.). Some can even extract information related to the Android ID, IMEI, IMSI, MAC address, and SIM serial number.
According to several reports, Android.Counterclank, carried by applications from the above-named publishers, has infected millions of devices.
Google can remove the infected applications from the Android Market (and has done so in the past with previous threats), but an a priori check on applications could eliminate the problem. Of course, Google’s model enables developers to quickly feature their applications in the Market, but situations like these generate victims.
Update: Symantec has updated its stance on the above, saying: “Since our initial blog post, we have determined the code in the Tonclank and Counterclank applications comes from the same vendor. The vendor is a company who distributes a SDK (software development kit) to third parties to help them monetize their applications, primarily through search.” Rather than being actual malware, the applications fall into the “Adware, Spyware, and Potentially Unwanted Applications” category, like those on the Windows PC platform.