Trojan found in 13 games on the official Android Market

By +Frank B.
in Android Support

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

Android.Counterclank Found in Official Android Market

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

_original

For each of these malicious applications, the malicious code has been grafted on to the main application in a package called ?apperhand?. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.

The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year.

post-1302-0-62412000-1327751224.png

Symantec is continuing with further investigation and we will post more information as we discover it.

Source: Symantec

Grand Master

Japlabot

Posted
Posted

Forget fragmentation, Google need to fix this. Android apps need to be sandboxed and don't get access to any User Data or to Modify system settings unless the user explicitly permits, rather than prompting the user for 10 different permissions they don't understand when they install it and giving the app free reign. The Android Market is very immature in this regard in comparison to iOS App Store.

Grand Master

Dot Matrix

Posted
Posted

Moar Android malware? Color me not surprised. Android's a mess of epic proportions.

This is why you shouldn't download apps such as "Stripper Touch girl" and "Pretty women lingerie puzzle"

You're talking about the same users who did the same thing on their Windows systems. "Click here to download FREE screensavers!"

Mentor

myxomatosis

Posted
Posted

Apple's policies are sometimes a pain in the ass, but when I see things like that ruining the Android Market, I'm glad to have an iPhone. My 4S is jailbroken, so I *CAN* download a virus if I'm not careful, but at least I KNOW the risk, I know there's crap on the Cydia Store cuz I know it's an alternative store, not the "real thing"... It sucks for Android users, who assume that if it's offered on the official Android Market it's safe, to get an infected phone. I know I can trust what is offered in the App Store.

I like Android, but Google must do something about that! The Market is a jungle

Grand Master

techbeck

Posted
Posted

Apple's policies are sometimes a pain in the ass, but when I see things like that ruining the Android Market, I'm glad to have an iPhone. My 4S is jailbroken, so I *CAN* download a virus if I'm not precaucious, but at least I KNOW the risk, I know there's crap on the Cydia Store.... It sucks for Android users, who assume that if it's offered on the Android Market it's safe, to get an infected phone. I know I can trust what is offered in the App Store.

Symantec has been proven wrong...these are not trojans or anything like that.

And no amount of security will protect you if you are stupid user. Doesnt matter if you are WP7, Android, or Apple.

  • Seahorsepip
  • Like 1
Proficient

Glen

Posted
Posted

Symantec has been proven wrong...these are not trojans or anything like that.

And no amount of security will protect you if you are stupid user. Doesnt matter if you are WP7, Android, or Apple.

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Mentor

Lucas

Posted
Posted

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Not every user is tech savvy or enjoys spending his day reading and checking what it does, how it does it and how it can affect him. iPhone users at least don't have to worry about that and I think it goes the same way with WP. We need to try and see here we're not the only ones using technology and not everyone enjoys learning as much as others do about it.

Mentor

SaltLife

Posted
Posted

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Negative.... When I use a designated store from my operating system provider I expect a certain level of integrity from that provider. This is not some third party whom I am downloading from. If I were to download the application from an outside source, outside of their ecosystem your point would be valid.

I do however agree that education is vital and may have saved people from these applications, however I will stand by my previous statement and that these types applications damage the integrity of their store and should not be allowed.

Grand Master

techbeck

Posted
Posted

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Not every user is tech savvy or enjoys spending his day reading and checking what it does, how it does it and how it can affect him. iPhone users at least don't have to worry about that and I think it goes the same way with WP. We need to try and see here we're not the only ones using technology and not everyone enjoys learning as much as others do about it.

What I mean about security is this..

You can password protect anything...put a pin number on it...pattern unlock...whatever. People are so dumb that they will give this info to their friends or family members. Or, they will write their passwords someplace next to what they are "protecting" So again, no amount of security will protect the stupid...and there are many of those out there...and I know this article is about software, not password protection.

And education is the key. If you buy something and dont spend the time to learn how to use it correctly, then I will not feel sorry for you if something goes wrong.

Grand Master

HawkMan

Posted
Posted

To bad Symantec is stupid and doesnt know what they are talking about.

http://m.androidcent...A11&sitesearch=

No according to that it's most definitiely a trojan, only a fanboy would claim an app that does all that is not when it sneaks in as part of another app that you haven't requested.

Grand Master

techbeck

Posted
Posted

Come on!! You forgot the Sexy Girl Puzzle!! Whats wrong with you???

Somehow I dont think that the situation is as bad as some would make it out to be... And lookOut helps :)

Its not. They are not trojans just software for ads. Symantec spoke to soon.

No according to that it's most definitiely a trojan, only a fanboy would claim an app that does all that is not when it sneaks in as part of another app that you haven't requested.

Trojans cause damage or something malicious to the system it is on...like deleting files, destroying info, or allowing remote accesss. This software, as pointed out by Lookout, does not do this and is just for use for advertising.

Grand Master

HawkMan

Posted
Posted

Its not. They are not trojans just software for ads. Symantec spoke to soon.

Trojans cause damage or something malicious to the system it is on...like deleting files, destroying info, or allowing remote accesss. This software, as pointed out by Lookout, does not do this and is just for use for advertising.

No.

A Trojan, sneaks in by pretending to be something it is not. it does not necessarily cause damage, but in this case it spies and steals data which qualifies enough.

A virus spreads by itself by attaching to other programs and hides, it also does not necessarily cause damage.

A worm is kind of like a virus but it doesn't need to infect another program to spread. it spreads fully by itself. it also does not necessairly need to cause any damage.

Causing damage was never a pre-requisite for any of these definitions though in the past it was the primary reason for them. Today int he itnernet age however, there are many more "uses" for these, though they are all bad. but the definition of Trojan, Virus and Worm is just a delivery method for malware or badware. The payload can be anything, like in this case malicious spyware and adware.

Proficient

Glen

Posted
Posted

Not every user is tech savvy or enjoys spending his day reading and checking what it does, how it does it and how it can affect him. iPhone users at least don't have to worry about that and I think it goes the same way with WP. We need to try and see here we're not the only ones using technology and not everyone enjoys learning as much as others do about it.

I do not disagree with you. When I am asked by family and friends which computer or other device they should choose I always take their lifestyle into consideration. Right now and in it's current state, Android is probably not the best option for people who are not tech enthusiasts. The same could be said of Linux, but probably to a greater degree. For most people I know who just need something that works and is well supported, I tend to recommend Apple and Microsoft products. For myself, I like Android BECAUSE of the open platform approach and I'd really hate to see it restricted instead of becoming more open.

Negative.... When I use a designated store from my operating system provider I expect a certain level of integrity from that provider. This is not some third party whom I am downloading from. If I were to download the application from an outside source, outside of their ecosystem your point would be valid.

I do however agree that education is vital and may have saved people from these applications, however I will stand by my previous statement and that these types applications damage the integrity of their store and should not be allowed.

I will concede to agree with you on the point of the Marketplace. Google should probably take steps to make the default Marketplace more secure, but I wouldn't want them to move in a direction that would make it so restrictive as to discourage legitimate app developers on the platform.

Mentor

SaltLife

Posted
Posted

Trojans cause damage or something malicious to the system it is on...like deleting files, destroying info, or allowing remote accesss. This software, as pointed out by Lookout, does not do this and is just for use for advertising.

A Trojan horse, or Trojan, is software that is intended to perform, simultaneously, a desirable (expected) effect and a covert (unexpected) effect...

But, yes they are associated with malicious acts as that is typically the only reason to inflict such an action on a user(s) system.

Grand Master

techbeck

Posted
Posted

A Trojan horse, or Trojan, is software that is intended to perform, simultaneously, a desirable (expected) effect and a covert (unexpected) effect...

But, yes they are associated with malicious acts as that is typically the only reason to inflict such an action on a user(s) system.

The apps are legit and the "trojan" is just an advertising component. Granted, more aggressive than other ads but a lot of apps on all markets have advertising components. So its no big deal.

Grand Master

HawkMan

Posted
Posted

The apps are legit and the "trojan" is just an advertising component. Granted, more aggressive than other ads but a lot of apps on all markets have advertising components. So its no big deal.

it's undesires spyware and malware that infects your phone without your wishes.

it's a Trojan.

Veteran

~Johnny

Posted
Posted

So it's adware that people don't actually want, that also takes serials numbers from phones (why would it even need your MAC address at any rate)? Dishonest adware? That technically can be classified as malware - though it's not destructive. Might not be sinister either, though I doubt anyone here can prove either way right now.

Mentor

evo_spook

Posted
Posted

The apps are legit and the "trojan" is just an advertising component. Granted, more aggressive than other ads but a lot of apps on all markets have advertising components. So its no big deal.

Stop trying to defend the undefensible. Lets get two things straight.

1. As Android developer and Supplier of the Android Marketplace, Google should not be allowing damaging Apps to be put up there, they need to do something, either change Android that it runs apps better in a sandbox or something or police the market place a lot better even if it closes it up. Remember, Google charges the Carriers/manufacturers for access to the market and take a cut of the apps paid for, with this should come the responsibility to police it, its only time before they are hit with a massive law suit.

2. We should not have to put virus checkers on our Phones, if that is the future then their is something seriously gone wrong.

Grand Master

techbeck

Posted
Posted

If this was that big of deal, Google would have removed the apps like they have did so before. But right now, Google is refusing to do so and the Apps are still on the market. So far, nothing has been proven that this causes any damage or is being used for malicious intent. So IMO, no big issue at the moment.

We have Symantec (says its malware/trojan) saying one thing, and Lookout (says its not malware or a trojan) saying another. So unless Symantec says its not an issue, or Lookout says it is...It is just a matter of opinion if it is something to be concerned about.

Stop trying to defend the undefensible. Lets get two things straight.

1. As Android developer and Supplier of the Android Marketplace, Google should not be allowing damaging Apps to be put up there,

This is no proof, so far, that this is damaging.

And dont tell me what I can and cannot do. I will post my opinion on this as much as I want.

Grand Master

LaP

Posted
Posted

Going by the definition of trojan some people have here DRM softwares are trojan and all stores should stop selling games using them (almost all games) right now because of it.

Sorry but virus and trojan do bad things to your computer. If not then they are not a virus or a trojan. They are either spyware or bloatware.

90% (number is from my ***) of sotware these days install unwanted apps doing useless things for the user.

Mentor

evo_spook

Posted
Posted

If this was that big of deal, Google would have removed the apps like they have did so before. But right now, Google is refusing to do so and the Apps are still on the market. So far, nothing has been proven that this causes any damage or is being used for malicious intent. So IMO, no big issue at the moment.

We have Symantec (says its malware/trojan) saying one thing, and Lookout (says its not malware or a trojan) saying another. So unless Symantec says its not an issue, or Lookout says it is...It is just a matter of opinion if it is something to be concerned about.

This is no proof, so far, that this is damaging.

And dont tell me what I can and cannot do. I will post my opinion on this as much as I want.

Stop being agro over a common saying.

If you don't think that this needs improving before it starts damaging android, then I'm speechless. Freedom is all very well but their needs to be checks in place so that people can be secure in their devices. You argue about Android being hackable and update Roms, etc, but a lot of people buy it just as a phone or simple content browser, they don't want the hassle of having to managing like a Windows 98 computer they just want it to work.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By Skyfrog · Posted

      For some reason I suddenly have the urge to go shopping at Sears.
    • You've tried DuckDuckGo and Brave Search, now get serious with SearXNG

      By Nas · Posted

      So I did a quick test based on 3+ different public instances from the litany at searx.space ... and it spins everything rather differently. It seems that SearXNG is a meta-search engine (queries multiple search indexes rather than only Google's or Bing's or Wikipedia's or Reddit's) that operates in two modes: > public instances ... each instance opens itself to outside users who piggyback on its cached search history; this instance's own identity becomes known/tracked but end-users are hidden similar to an anonymization proxy; this instance's querying of major search indexes may be API based [rated limited, blocked, etc.]). > private instances ... your private install/instance that itself queries multiple (configurable) search indexes of crawled web content; every major Search Engine associates all traffic to your private instance (so your traffic is tracked via network usages) but client-side tracking (your own browser/computer specs) is flushed because it's a "server" doing the querying rather than your browser. My test asked the same 1 question to the 3+ engines and they all returned vastly different results: some had CAPTCHA failures against Google, some had failures against Wikipedia, and the actual results were also different -- some had auto-complete enabled, others returned a wikipedia highlighted excerpt despite the Wikipedia failure (hinting at results being cached from previous keyword matching), and others just gave an Are-You-Human non-CAPTCHA loop before returning random results. So this begs the caveat: Search query results will vary based on which instance is used because every instance queries the other search indexes separate (and thus its results are influenced on that instance's aggregate search history and index-access limitations). The major distinctions for SearXNG versus DDG or Brave: > The search UI is 'untracked' since no UI trackers are baked-in which would phone home or lay cookies into your browser (for DDG/Brave usage stats), > There is no 'crawler' that canvasses the Internet to discover fresh content (it leaves that to the major search indexes), > Queries multiple search indexes ("meta-search engine") based on the configurations and usage history of the server instance, > Privacy-friendly due to its ability to shield user tracking via standing up a non-local server instance connectable to major VPN providers: queries would all appear to come from general VPN/Proxy providers rather than your private instance (whether installed locally or on your own VPS in the cloud). PS: I've previously come across specialized search engines of this nature that indexes searches across media assets like YT, OF, etc. SearXNG seems to be a good backbone...if the rate-limiting/captcha/etc. issues were resolved.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By excalpius · Posted

      For a guy who claims to hate Farage and the ignorant, gullible, rightwing racist skinheads sponsored by Putin that his lies represent, you sure are quoting them time and time and time again, mate. I guess you're conveniently ignoring the fact that your country and commonwealth just happened to work much better when it was still part of the E.U.? Denial isn't just a river in Egypt.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By ad47uk · Posted

      Do you live in the U.K? Do any of the people here that are against the UK leaving the E.U, live in the U.K? If not then why are you bothered? If you do live here then it is a different thing . Brexit was a good idea, should have done it years before, it was done badly, but the idea was good. You are saying the same thing as remainers do, oh we did what Putin wanted, we listened to the lies and Farage. I hate Farage and never believed most of what he said, certainly did not believe the £350m a week for the NHS. But we did pay a lot of money to the E.U and yes some of it came back, but what is the point of paying it out for only some of it to come back? Get out of the E.U, no money to them and in theory we can use the money to do things in the country. I said in theory, but our governments are a total and complete waste of space. No matter what colour rosette they wear. You and others say it was a mistake and yet the two main parties in the U.K are not looking at rejoining the EU, I wonder why that is? I was not tricked by anyone. Makes no odds now, we are out and have been for 10 years, what we need is a decent government to run the country. All they do is shout at each other like a load of kids and seems to do nothing and make this country more into a police and nanny state. Getting more like China all the time.
    • 4TB TEAMGROUP MP44Q, 2TB T-Force G50, and 2TB WD My Passport SSDs drop to great prices

      By Fiza Ali · Posted

      4TB TEAMGROUP MP44Q, 2TB T-Force G50, and 2TB WD My Passport SSDs drop to great prices by Fiza Ali Prime Day may be over, but there are still worthwhile storage deals available, including discounts on SSDs for shoppers who missed the event or are looking to upgrade their storage solution. Particularly, 2TB Western Digital My Passport, 2TB TEAMGROUP T-Force G50, and 4TB TEAMGROUP MP44Q SSD are selling at great prices with up to 23% off. The 2TB TEAMGROUP T-Force G50 is an M.2 2280 PCIe 4.0 x4 NVMe SSD with sequential read speeds of up to 5,000MB/s and sequential write speeds of up to 4,500MB/s. The drive has an endurance rating of 1,300 TBW (terabytes written) and features a DRAM-less design. The company specifies a mean time between failures (MTBF) of 3 million hours. The drive includes an "ultra-thin" graphene heat spreader that helps dissipate heat without significantly increasing the drive's thickness. It also supports S.M.A.R.T. monitoring, allowing compatible software to monitor drive health and operating status. The SSD is rated for operating temperatures from 0°C to 70°C, with a storage temperature range of -40°C to 85°C. The drive is backed by a five-year limited warranty as well. 2TB TEAMGROUP T-Force G50 SSD: $269.99 (Amazon US) The TEAMGROUP MP44Q is an M.2 2280 PCIe 4.0 x4 NVMe SSD that delivers sequential read speeds of up to 7,000MB/s and sequential write speeds of up to 5,900MB/s. It uses 3D QLC NAND flash memory to provide 4TB of storage capacity for games, applications, media files, and other data. The drive has an endurance rating of 2,000 TBW and an MTBF of 1.6 million hours. The SSD features a DRAM-less design and supports TEAMGROUP's S.M.A.R.T. monitoring software, allowing users to monitor drive health, temperature, and remaining lifespan. For thermal management, the MP44Q also includes an "ultra-thin" graphene heat spreader. It is designed to operate at temperatures between 0°C and 70°C and can be stored at temperatures ranging from -40°C to 85°C. The SSD is also backed by a five-year limited warranty. 4TB TEAMGROUP MP44Q SSD: $478.99 (Amazon US) The 2TB WD My Passport SSD connects via a USB-C port using the USB 3.2 Gen 2 interface. It delivers sequential read speeds of up to 1,050MB/s and sequential write speeds of up to 1,000MB/s through NVMe technology. In terms of security features, the drive includes password protection with 256-bit AES hardware encryption. The SSD is also designed to resist shock and vibration and is rated to withstand drops from heights of up to 6.5 feet. The recommended operating temperature range is 5°C to 35°C, while the non-operating temperature range is -20°C to 65°C. This drive is also backed by a five-year limited warranty. 2TB Western Digital My Passport SSD: $279.99 (Amazon US) Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      492
    2. 2
      +Edouard
      225
    3. 3
      PsYcHoKiLLa
      147
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!