SECURITY VENDOR Symantec claims to have identified what it is calling the biggest distribution of malware this year on Google's Android operating system.
The firm has discovered that a trio of apps publishers have distributed a Trojan called Android.Counterclank. It is a version of the older Android.Tonclank and has been found in 13 apps that have combined download figures into the millions.
Symantec said on its blog, "The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year."
The three publishers are Iapps7 Inc, Ogre Games, and Redmicapps. At the time of writing only five of the apps are still on the Android Market, including Sexy Girls Photo Game and Deal & Be Millionaire. The latter has had between one million and five million installs in the last 30 days.
The allegely malicious code is in the apps inside a package named "Apperhand". A compromised device might have data stolen or carry out unexpected activity. Symantec said the apps are malicious copies of legitimate apps.
One user suspected dodgy activity and said in a review, "It requests the ability to add/remove icons to your home screen! Upon running the game for the first time it adds a suspicious 'Search' icon to your homescreen. May be a malicious website or just intrusive advertising." Symantec confirmed the search icon as a sign of infection.
However, Lookout, a firm that specialises in mobile security said, "We disagree with the assessment that this is malware, although we do believe that the Apperhand SDK [software development kit] is an aggressive form of ad network and should be taken seriously."
This app requests some strange permissions on installation, including the phone's features, which can "determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like".
This is something that users don't generally bother to check and needs addressing, as we pointed out in a column on mobile malware. Symantec said that it is still investigating the issue and will post further information as it finds out more. µ