Are Millions of Android Phones Infected With Malware? Maybe. Maybe Not.

January 29, 2012 - "Android malware has infected possibly one to five million downloads — "the highest distribution of any malware identified so far this year," a major security company reports," writes Athima Chansanchai at MSNBC's Technolog.

However, there is disagreement among experts about this.

Chansanchai refers to anti-virus software maker Symantec (Norton), whose website yesterday detailed the threats to Android users. "Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank," says Symantec's official blog.

"This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device" and "Counterclank has the highest distribution of any malware identified so far this year."

"Some of these apps are still available on the Android Market," cautions Symantec, "so consider yourself warned if you still want to download anyway."

Lookout Security says that Symantec is making a big deal out of a minor issue. Gregg Keizer at PC World reports that "Researchers from Lookout Security disagreed with rival Symantec that 13 apps on the Android Market were malicious, instead saying that they showed the same behaviors as other ad-supported apps."  In other words, says Lookout Security, the apps might be annoying but they're not dangerous. Lookout says the suspicious software is "spyware" used by advertising networks, but are not precursors to trojan viruses.

Lookout Security's blog said this yesterday: "Today, news came out that claimed a particular family of malware, termed ‘Android.Counterclank’, had infected 5 million users. We disagree with the assessment that this is malware, although we do believe that the Apperhand SDK is an aggressive form of ad network and should be taken seriously. This isn’t malware. The average Android user probably doesn’t want applications that contain Apperhand on his or her phone, but we see no evidence of outright malicious behavior. In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar. Malware is defined as software that is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud. Apperhand doesn’t appear to be malicious, and at this point in our investigation, this is an aggressive form of an ad network – not malware." More at Lookout Security...

With experts disagreeing, we certainly can't advise you how to proceed, except to say that caution might not be a bad idea. If you don't need the apps in question, perhaps you should wait for more conclusive reports about them. Lookout promises to continue its research. "We’ll have more to share about what we’re working on in this area in the coming weeks," they say on their blog, "stay tuned."
Enhanced by Zemanta