New Android Scare: Just How Malignant Is That Malware?

Symantec says it has discovered a new form of Android malware that has already infected up to 5 million users. Android-based malware has been spotted before, but this time some security researchers are questioning whether it's fair to call what Symantec found "malware," or whether it would be more accurately classified as "adware."

By Richard Adhikari LinuxInsider ECT News Network
01/31/12 5:00 AM PT

Antivirus vendor Symantec announced recently that up to 5 million Android devices may have been infected with a particular type of malware.

Multiple publishers were pushing out apps -- some of which were found in the official Android Market -- containing malware known as "Counterclank," according to the AV company.

Counterclank is a minor modification of Android Tonclank, a bot-like threat that can receive commands to carry out certain actions as well as steal information from the device.

The malicious code Symantec detected had been grafted onto the main app through a package called "Apperhand," the company said. When the package is executed, a service, also called "Apperhand," may be seen running on an infected device.

Further, an unwanted search icon might show up on the infected device's screen, Symantec said.

Malware? Que Malware?

However, security experts from other organizations said the infected apps weren't carrying malware but adware.

"We're 100 percent certain that Apperhand isn't malware; it's just a form of an ad network," Tim Wyatt, principal engineer at Lookout Mobile Security, told LinuxInsider.

"I'd call it a 'PUP,'" Dave Marcus, director of security research and communications at McAfee Labs, told LinuxInsider. PUP refers to a potentially unwanted program.

"Until some more information surfaces that this is malware, I'd say there's no need to be concerned," suggested Roger Thompson, chief emerging threats researcher at ICSA Labs.

Why the Malware Fears Were Sparked

Android Counterclank has the highest distribution of any malware identified so far this year, Symantec stated.

Publishers whose apps apparently contained Apperhand include iApps7, Ogre Games, and redmicapps. Affected apps include "Sexy Women Puzzle," "Deal & Be Millionaire," "Stripper Touch Girl," "Counter Elite Force" and "Hit Counter Terrorist."

The skyrocketing popularity of Android devices has exacerbated concerns among AV vendors that a flood of Android malware is on its way this year.

Android is more vulnerable than the iPhone or BlackBerry for three reasons, ICSA's Thompson told LinuxInsider.

First, you can download Android apps from any website, he said. Second, it is "very easy to Trojanize" an Android app compared to an iOS app, which "would require significant reverse engineering first," Thompson said. Third, the development platform "is cheap and well-understood."

Adware, Malware - What's the Difference?

The Apperhand SDK in Android Counterclank can identify users uniquely by their International Mobile Equipment Identity (IMEI) number, Lookout said. It can also deliver push notification ads and bookmarks to browsers, and drop search icons on the screen.

Although apps containing Apperhand are not necessarily malicious, "we think aggressive adware pushes the privacy bounds and people have a right to not want apps like this on their devices," Lookout's Wyatt said.

"Who will decide where the thin line between legitimate apps and adware or spyware should be?" asked Jakob Ehrensvard, chief technology officer at Yubico.

Further, the question of whose responsibility it will be "if the user accepts a ... legal document by simply clicking 'OK' and then later finds out that he has accepted being monitored" needs to be clarified, Ehrensvard told LinuxInsider.

Sniffing Out the Unwanted Ads

"Some vendors have added detection for [Apperhand], but others are still trying to make up their minds," ICSA Labs' Thompson suggested. "It's simply not an easy decision. Symantec initially saw it one way, and they may change their minds."

Indeed, that's just what might happen.

"We are continuing our analysis of this issue and expect additional information shortly," Eric Chien, director of Symantec Security Response, told LinuxInsider.

The emergence of aggressive adware may spur antivirus vendors to action.

"For years, security companies did not detect adware or greyware in the PC space, and it became a nuisance," Chien remarked. "Eventually security companies did address this space to the benefit of computer users."

Google did not respond to our request for comment.
