So apparently, there are two sides to the whole largest Android malware campaign discovery made by Symantec. While Symantec noted that the malware infected 5 million users, Lookout isn’t agreeing to this assessment. In fact, they don’t believe that Android.Counterclank Apperhand SDK isn’t a malware at all, but an ad network.
According to Lookout, Apperhand isn’t classified as a malware because it has not shown of anything contrary its typical nature. As they put it, ‘malware is defined as software that is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud.’ Since Apperhand did not exhibit any malicious behavior, they are ruling out the belief that it is a malware. Instead, they have reason to believe that it is a very aggressive type of an ad network.
Albeit ongoing investigations to check on the issue, Lookout is doing its job to give a clear understanding on what really happened. Apart from spending a lot of their time looking at mobile apps, Lookout also looks at SDKs which are usually integrated into apps. Recently, they’ve taken more concern on the capacities of different mobile advertising SDKs. Even though Lookout believes that ad networks are crucial for the overall mobile ecosystem, there are just some ad networks that go beyond their typically accepted behavior and start to exhibit aggressive tactics.
Looking back on their previous discoveries, the Apperhand SDK ad network has a huge similarity to the ‘Plankton’ or ‘ChoopCheec platform’ that was largely distributed in several apps in June 2011. Moreover, Lookout has outlined the capabilities of the current SDK that are too common on several other ad networks including identifying unique users through IMEI, deliver Push Notification ads, dropping a search icon on the desktop, and push bookmarks to the browser.
These give Lookout reason to believe that Apperhand SDK is nothing but a very aggressive ad network. Even though they are continuing investigations, they have ruled out the possibility that it is a malware. All the while, however, they advise consumers to take it seriously.
Lookout is currently working on a solution which will educate users about how apps have a potentially undesirable behavior without creating unnecessary worry.