Symantec’s report found that the Trojan was being bundled with popular apps on the Android Market and it had already infected as much as 5 million devices.
They identified Counterclank as a minor modification of Android.Tonclank, a threat that has the features of a bot, its main purpose being to swipe private information.
Applications such as Hit Counter Terrorist, CounterStrike Hit Enemy, Counter Strike Ground Force and Counter Elite Force were served on the official Android Market with a malicious code that’s inserted as a package called Apperhand.
On the other side of the fence, Lookout also took a peek at these applications and they concluded that even though the Apprehand SDK was “an aggressive form of ad network that should be taken seriously,” it couldn’t really be considered malware.
“The average Android user probably doesn’t want applications that contain Apperhand on his or her phone, but we see no evidence of outright malicious behavior,” Lookout researchers write.
“In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar.”
Lookout has been studying mobile advertising SDKs since some of them began using more aggressive tactics to promote their adverts, including pushing notifications, dropping search icons on the device’s desktop, and pushing bookmarks to the browser.
Since ad networks are becoming an important part of the mobile ecosystem, we’ve contacted Lookout to request an interview that may further clarify the use of these elements and their impact on customers. Stay tuned to find out more.