If you downloaded something off the Android Market today, there is a chance that you are one of the 5 million users who have been duped by the largest-ever Android malware campaign. Symantec has dubbed this as the ‘Android.Counterclank’ and was found on 13 infected apps created by three different publishers. The titles of these infected apps include ‘Counter Strike Ground Force’ and ‘Sexy Girls Puzzle.’ Unfortunately of these infected apps were still found available on the market as of 3pm Friday.
In an interview, Symantec’s Security Response Team Director, Kevin Haley said:
“They don’t appear to be real publishers. There aren’t rebundled apps, as we’ve seen so many times before.”
This was in reference to a common tactic which Android malware makers use to deceive innocent users into downloading the infected app. They would normally repackage one legitimate app with an attack code before re-releasing it to the marketplace hoping that this will confuse users to download the fake along with the one that’s real.
Symantec has put an estimate number of the downloaded apps; something the Android Market has only shown as a range. By combining the download totals of the 13 apps, Symantec was able to derive a figure between 1-5 million. “Yes, this is the largest malware [outbreak] on the Android Market.” Haley admitted.
The malware is actually a Trojan that attacks Android smartphones. Upon installation, it collects a wide scope of data, including the handset maker and bookmark copies. Moreover, it modifies the home page of the browser. As a result, hackers have earned some money from the malware by pushing some unwanted advertisements on the compromised Android devices.
One of the reasons why the malware has affected such a huge number of Android users is because they do not bother reading privacy agreements. They simply approve these apps, without even reading information on them.
“If you were the suspicious type, you might wonder why they’re asking for permission to modify the browser or transmit GPS coordinates,” Haley said. “But most people don’t bother.”
If you can still remember the Trojan horse discovered last June 2011 called the Android.Tonclank, today’s malware is a minor variation of it.
Even though the malware was only discovered yesterday, some of the 13 infected apps have already been on the Android Market for at least a month. This is based on the revision dates posted on them. Even Android users did not notice anything fishy.
One user downloaded ‘Deal & Be Millionaire’ last January 16 and had this to say about the app:
“The game is decent… but every time you run this game, a ‘search icon gets added randomly to one of your screens. I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page.”
Deal & Be Millionaire is one of the 13 infected apps.