Android, the Google OS powering millions of mobile phones and tablets, is under a serious malware attack, according to the latest news stories flooding the Internet. However, one security company says the reports aren't true, calling it aggressive marketing tactics instead.
Dubbed Android Counterclank by security company Symantec, the attack comes in the form of games found on the Android Market site.
"Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device."
Symantek lists the names of 13 applications it believes contain the Counterclank malicious code.
The malware appears to collect data from the infected devices such as bookmarks and the name of the device manufacturer. And while this seems fairly innocuous, it is not: Armed with those two pieces of data, it wouldn’t be difficult for cybercriminals to create a fairly polished phishing attack that appears to be from the manufacturer, who cites a user’s bookmark as being malware. Then the user would be to be told to go to the manufacturer’s site to rid the device of the software, where the user would have to prove his or her identity by giving up even more personal information such as how the user paid for the device and his or her credit card number or banking information.
What makes Counterclank especially pernicious is the fact that it won’t go away. It returns in various disguises to steal information and sell unwanted products, according to the GMA Network site.
One malware victim noted a game he downloaded, "Deal and Be a Millionaire," was “decent,” but each time the user ran the game a search icon was added to one of the screens. “I keep deleting the icon, but it always reappears," he said. "If you tap the icon you get a page that looks suspiciously like the Google search page.”
Although the malware continually requests permission for privileges that must be approved by the user, the attackers are counting on the fact that many users approve requests in a reflex reaction without tthinking about what they might be approving.
According to the reports, Counterclank also modifies the browser home page to make it easier for the malware to continue to operate.
Despite all of these reports, however, there are some doubters who claim it is not malware but rather just a combination of poorly designed software and over-aggressive marketing.
As reported in the British publication The Guardian, although Symantec claims Counterclank is a “bot-like threat,” Lookout Mobile Security, a company that specializes in mobile and Android attacks, thinks otherwise. “We disagree with the assessment that this is malware, although we do believe that the Apperhand SDK [contained in the apps] is an aggressive form of ad network and should be taken seriously,” The Guardian quoted Lookout as saying.
Either way, one thing is for certain: Android is now part of the pantheon of major operating systems that will continue to grab the attention of users and misusers alike.