Symantec announced Friday that it had found the Android.Counterclank malware present in more than a dozen applications available in the official Google Android Market. Counterclank is identified as the malware with the highest distribution discovered so far this year--a dubious distinction, given the year is less than a month old.
The chart Symantec provided indicated the possibility of one million to five million installations of malware-infected apps. This has provided plenty of grist for the media mill, as headlines shouting "Millions of Android users infected with malware!" started bouncing around over the weekend.
Of the 13 identified Android apps, eight have been removed from the Market, which included all of the apps from the publisher iApps7, Inc:
- iApps7 Inc:
- Counter Elite Force
- Counter Strike Ground Force
- Counter Strike Hit Enemy
- Heart Live Wallpaper
- Hit Counter Terrorist
- Stripper Touch Girl
- Sexy Girls Photo Game
- Sexy Women Puzzle
Five apps remain in the Market:
- Sexy Girls Puzzle
- Pretty Women Lingerie Puzzle
- Ogre Games
- Balloon Game
- Deal & Be Millionaire
- Wild Man
Now here's where it gets interesting. Ogre Games, whose Deal & Be Millionaire has had between 1 million and 5 million downloads (sound familiar?) according to the Android market, has the following disclaimer posted on its game's Android market page:
WE ARE NOT MALWARE!! Symantec, the company that wrongly labelled [sic] this app as malware the other day, have contacted us and are in the process of un-doing the mistake they did and whitelabling our product.
A call to Symantec's PR agency, which had sent out the Friday release identifying this malware discovery in the Market, resulted in my receiving the following response:
We are continuing our analysis of this issue and expect additional information shortly. For years security companies did not detect adware/greyware in the PC space and it became a nuisance. Eventually security companies did address this space to the benefit of computer users. We always attempt to make decisions in the best interest of our customers.
[Update: ]Later on, Symantec issued a statement elaborating further on the matter.
Now, given that the vast majority of free applications in Android and iOS are ad supported, where does one draw the line between adware and malware? Especially since, unlike your Windows PC, you can make the ads go away by just deleting the offending app.
There aren't any insidious applications that bury themselves in your Android firmware--at least, not yet. Late last year, Chris DiBona, open source programs manager at Google, posted on his Google + account: "Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself."
The Symantec security report on the Android.Counterclank malware identified in the original announcement, which was updated today, classifies the malware at "Risk Level 1: Very Low", and only states that it has approximately one thousand reports of it in the wild. If you are concerned because you had downloaded any of the apps identified here, there are instructions on the Symantec site on how to remove the malware using the 90-day free trial of its Android anti-virus product.
Also, note that the malware can simply be removed by going into Settings>Applications>Manage on your Android device, and clicking on Uninstall for the potentially infected products that you wish to remove.