Trojan found in 13 games on the official Android Market

By +Frank B.
in Android Support

 Share

Recommended Posts

Grand Master

+Frank B. Subscriber²

Posted
  • Subscriber²
Posted

Android.Counterclank Found in Official Android Market

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

_original

For each of these malicious applications, the malicious code has been grafted on to the main application in a package called ?apperhand?. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.

The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year.

post-1302-0-62412000-1327751224.png

Symantec is continuing with further investigation and we will post more information as we discover it.

Source: Symantec

Grand Master

Japlabot

Posted
Posted

Forget fragmentation, Google need to fix this. Android apps need to be sandboxed and don't get access to any User Data or to Modify system settings unless the user explicitly permits, rather than prompting the user for 10 different permissions they don't understand when they install it and giving the app free reign. The Android Market is very immature in this regard in comparison to iOS App Store.

Grand Master

Dot Matrix

Posted
Posted

Moar Android malware? Color me not surprised. Android's a mess of epic proportions.

This is why you shouldn't download apps such as "Stripper Touch girl" and "Pretty women lingerie puzzle"

You're talking about the same users who did the same thing on their Windows systems. "Click here to download FREE screensavers!"

Mentor

myxomatosis

Posted
Posted

Apple's policies are sometimes a pain in the ass, but when I see things like that ruining the Android Market, I'm glad to have an iPhone. My 4S is jailbroken, so I *CAN* download a virus if I'm not careful, but at least I KNOW the risk, I know there's crap on the Cydia Store cuz I know it's an alternative store, not the "real thing"... It sucks for Android users, who assume that if it's offered on the official Android Market it's safe, to get an infected phone. I know I can trust what is offered in the App Store.

I like Android, but Google must do something about that! The Market is a jungle

Grand Master

techbeck

Posted
Posted

Apple's policies are sometimes a pain in the ass, but when I see things like that ruining the Android Market, I'm glad to have an iPhone. My 4S is jailbroken, so I *CAN* download a virus if I'm not precaucious, but at least I KNOW the risk, I know there's crap on the Cydia Store.... It sucks for Android users, who assume that if it's offered on the Android Market it's safe, to get an infected phone. I know I can trust what is offered in the App Store.

Symantec has been proven wrong...these are not trojans or anything like that.

And no amount of security will protect you if you are stupid user. Doesnt matter if you are WP7, Android, or Apple.

  • Seahorsepip
  • Like 1
Proficient

Glen

Posted
Posted

Symantec has been proven wrong...these are not trojans or anything like that.

And no amount of security will protect you if you are stupid user. Doesnt matter if you are WP7, Android, or Apple.

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Mentor

Lucas

Posted
Posted

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Not every user is tech savvy or enjoys spending his day reading and checking what it does, how it does it and how it can affect him. iPhone users at least don't have to worry about that and I think it goes the same way with WP. We need to try and see here we're not the only ones using technology and not everyone enjoys learning as much as others do about it.

Mentor

SaltLife

Posted
Posted

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Negative.... When I use a designated store from my operating system provider I expect a certain level of integrity from that provider. This is not some third party whom I am downloading from. If I were to download the application from an outside source, outside of their ecosystem your point would be valid.

I do however agree that education is vital and may have saved people from these applications, however I will stand by my previous statement and that these types applications damage the integrity of their store and should not be allowed.

Grand Master

techbeck

Posted
Posted

This. When you install an app on an Android device, it will tell you the permissions it needs and then it's up to you to determine if it's asking for too much. Just like with a desktop or laptop computer, users need to get educated to protect themselves against those that would exploit their ignorance.

Not every user is tech savvy or enjoys spending his day reading and checking what it does, how it does it and how it can affect him. iPhone users at least don't have to worry about that and I think it goes the same way with WP. We need to try and see here we're not the only ones using technology and not everyone enjoys learning as much as others do about it.

What I mean about security is this..

You can password protect anything...put a pin number on it...pattern unlock...whatever. People are so dumb that they will give this info to their friends or family members. Or, they will write their passwords someplace next to what they are "protecting" So again, no amount of security will protect the stupid...and there are many of those out there...and I know this article is about software, not password protection.

And education is the key. If you buy something and dont spend the time to learn how to use it correctly, then I will not feel sorry for you if something goes wrong.

Grand Master

HawkMan

Posted
Posted

To bad Symantec is stupid and doesnt know what they are talking about.

http://m.androidcent...A11&sitesearch=

No according to that it's most definitiely a trojan, only a fanboy would claim an app that does all that is not when it sneaks in as part of another app that you haven't requested.

Grand Master

techbeck

Posted
Posted

Come on!! You forgot the Sexy Girl Puzzle!! Whats wrong with you???

Somehow I dont think that the situation is as bad as some would make it out to be... And lookOut helps :)

Its not. They are not trojans just software for ads. Symantec spoke to soon.

No according to that it's most definitiely a trojan, only a fanboy would claim an app that does all that is not when it sneaks in as part of another app that you haven't requested.

Trojans cause damage or something malicious to the system it is on...like deleting files, destroying info, or allowing remote accesss. This software, as pointed out by Lookout, does not do this and is just for use for advertising.

Grand Master

HawkMan

Posted
Posted

Its not. They are not trojans just software for ads. Symantec spoke to soon.

Trojans cause damage or something malicious to the system it is on...like deleting files, destroying info, or allowing remote accesss. This software, as pointed out by Lookout, does not do this and is just for use for advertising.

No.

A Trojan, sneaks in by pretending to be something it is not. it does not necessarily cause damage, but in this case it spies and steals data which qualifies enough.

A virus spreads by itself by attaching to other programs and hides, it also does not necessarily cause damage.

A worm is kind of like a virus but it doesn't need to infect another program to spread. it spreads fully by itself. it also does not necessairly need to cause any damage.

Causing damage was never a pre-requisite for any of these definitions though in the past it was the primary reason for them. Today int he itnernet age however, there are many more "uses" for these, though they are all bad. but the definition of Trojan, Virus and Worm is just a delivery method for malware or badware. The payload can be anything, like in this case malicious spyware and adware.

Proficient

Glen

Posted
Posted

Not every user is tech savvy or enjoys spending his day reading and checking what it does, how it does it and how it can affect him. iPhone users at least don't have to worry about that and I think it goes the same way with WP. We need to try and see here we're not the only ones using technology and not everyone enjoys learning as much as others do about it.

I do not disagree with you. When I am asked by family and friends which computer or other device they should choose I always take their lifestyle into consideration. Right now and in it's current state, Android is probably not the best option for people who are not tech enthusiasts. The same could be said of Linux, but probably to a greater degree. For most people I know who just need something that works and is well supported, I tend to recommend Apple and Microsoft products. For myself, I like Android BECAUSE of the open platform approach and I'd really hate to see it restricted instead of becoming more open.

Negative.... When I use a designated store from my operating system provider I expect a certain level of integrity from that provider. This is not some third party whom I am downloading from. If I were to download the application from an outside source, outside of their ecosystem your point would be valid.

I do however agree that education is vital and may have saved people from these applications, however I will stand by my previous statement and that these types applications damage the integrity of their store and should not be allowed.

I will concede to agree with you on the point of the Marketplace. Google should probably take steps to make the default Marketplace more secure, but I wouldn't want them to move in a direction that would make it so restrictive as to discourage legitimate app developers on the platform.

Mentor

SaltLife

Posted
Posted

Trojans cause damage or something malicious to the system it is on...like deleting files, destroying info, or allowing remote accesss. This software, as pointed out by Lookout, does not do this and is just for use for advertising.

A Trojan horse, or Trojan, is software that is intended to perform, simultaneously, a desirable (expected) effect and a covert (unexpected) effect...

But, yes they are associated with malicious acts as that is typically the only reason to inflict such an action on a user(s) system.

Grand Master

techbeck

Posted
Posted

A Trojan horse, or Trojan, is software that is intended to perform, simultaneously, a desirable (expected) effect and a covert (unexpected) effect...

But, yes they are associated with malicious acts as that is typically the only reason to inflict such an action on a user(s) system.

The apps are legit and the "trojan" is just an advertising component. Granted, more aggressive than other ads but a lot of apps on all markets have advertising components. So its no big deal.

Grand Master

HawkMan

Posted
Posted

The apps are legit and the "trojan" is just an advertising component. Granted, more aggressive than other ads but a lot of apps on all markets have advertising components. So its no big deal.

it's undesires spyware and malware that infects your phone without your wishes.

it's a Trojan.

Veteran

~Johnny

Posted
Posted

So it's adware that people don't actually want, that also takes serials numbers from phones (why would it even need your MAC address at any rate)? Dishonest adware? That technically can be classified as malware - though it's not destructive. Might not be sinister either, though I doubt anyone here can prove either way right now.

Mentor

evo_spook

Posted
Posted

The apps are legit and the "trojan" is just an advertising component. Granted, more aggressive than other ads but a lot of apps on all markets have advertising components. So its no big deal.

Stop trying to defend the undefensible. Lets get two things straight.

1. As Android developer and Supplier of the Android Marketplace, Google should not be allowing damaging Apps to be put up there, they need to do something, either change Android that it runs apps better in a sandbox or something or police the market place a lot better even if it closes it up. Remember, Google charges the Carriers/manufacturers for access to the market and take a cut of the apps paid for, with this should come the responsibility to police it, its only time before they are hit with a massive law suit.

2. We should not have to put virus checkers on our Phones, if that is the future then their is something seriously gone wrong.

Grand Master

techbeck

Posted
Posted

If this was that big of deal, Google would have removed the apps like they have did so before. But right now, Google is refusing to do so and the Apps are still on the market. So far, nothing has been proven that this causes any damage or is being used for malicious intent. So IMO, no big issue at the moment.

We have Symantec (says its malware/trojan) saying one thing, and Lookout (says its not malware or a trojan) saying another. So unless Symantec says its not an issue, or Lookout says it is...It is just a matter of opinion if it is something to be concerned about.

Stop trying to defend the undefensible. Lets get two things straight.

1. As Android developer and Supplier of the Android Marketplace, Google should not be allowing damaging Apps to be put up there,

This is no proof, so far, that this is damaging.

And dont tell me what I can and cannot do. I will post my opinion on this as much as I want.

Grand Master

LaP

Posted
Posted

Going by the definition of trojan some people have here DRM softwares are trojan and all stores should stop selling games using them (almost all games) right now because of it.

Sorry but virus and trojan do bad things to your computer. If not then they are not a virus or a trojan. They are either spyware or bloatware.

90% (number is from my ***) of sotware these days install unwanted apps doing useless things for the user.

Mentor

evo_spook

Posted
Posted

If this was that big of deal, Google would have removed the apps like they have did so before. But right now, Google is refusing to do so and the Apps are still on the market. So far, nothing has been proven that this causes any damage or is being used for malicious intent. So IMO, no big issue at the moment.

We have Symantec (says its malware/trojan) saying one thing, and Lookout (says its not malware or a trojan) saying another. So unless Symantec says its not an issue, or Lookout says it is...It is just a matter of opinion if it is something to be concerned about.

This is no proof, so far, that this is damaging.

And dont tell me what I can and cannot do. I will post my opinion on this as much as I want.

Stop being agro over a common saying.

If you don't think that this needs improving before it starts damaging android, then I'm speechless. Freedom is all very well but their needs to be checks in place so that people can be secure in their devices. You argue about Android being hackable and update Roms, etc, but a lot of people buy it just as a phone or simple content browser, they don't want the hassle of having to managing like a Windows 98 computer they just want it to work.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By monterxz · Posted

      You sound like some Ukrainians in Crimea before 2014: "I didn't vote for USSR disbanding - I want Ukraine to be part of Russia again" 🤣
    • Uninstalr 3.1

      By Copernic · Posted

      Uninstalr 3.1 by Razvan Serea Introducing Uninstalr: Easy to use and very accurate software uninstaller for Windows. It can uninstall multiple apps at the same time and we think it’s pretty cool. Developed with expertise by Macecraft Software - the minds behind jv16 PowerTools. Key Features Batch uninstall many apps at the same time. Supports unattended uninstallation of apps. Supports monitoring of new software installations. Also detects portable apps and previously uninstalled software leftovers. Shows all the data added to your system by installed software on a file by file basis. Shows all the data it will remove before starting the uninstallation. Filter and search the list of installed software. According to our benchmark, Uninstalr is the most accurate software uninstaller by leaving the least amount of leftovers when uninstalling apps. Supports detection and uninstallation of Microsoft Store, Steam, Big Fish Game System, Chocolatey, NuGet and Ninite installed software. Supports Windows Dark Mode. Supports Windows 11, 10, 8 and 7. Comes with these translations builtin: Chinese Simplified, Chinese Traditional, Czech, Danish, English, Filipino, Finnish, French, German, Greek, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Malay, Norwegian, Polish, Portuguese, Romanian, Slovak, Spanish, Swedish, Thai, Turkish, Ukrainian and Vietnamese. Has a single executable file portable version and a normal setup version. Uninstalr is freeware, lightweight and easy to use. No bells and whistles, no nonsense. Uninstalr’s custom uninstallation engine has a dedicated support for the detection and uninstallation of 15 types of apps: Normal Windows apps Microsoft Store apps Portable apps Chocolatey apps Ninite apps PortableApps.com apps Steam games EA App games Epic Games Store games Riot platform games GOG Galaxy games WarGaming.net games Battle.net games itch.io games Big Fish platform games Uninstalr 3.1 changelog: Key Changes Uninstalr now starts and shows the list of installed apps faster after the initial scan has been completed, and with much smaller memory usage. Uninstalr now detects and highlights apps that automatically start with Windows. Greatly improved the detection of portable apps. Improvements New feature: Uninstalr now detects and highlights apps that automatically start with Windows. New feature: Uninstalr now highlights possible leftovers and apps from Russia and China. This can be disabled from the Settings. New feature: A new filter that allows you to show only software that is installed to other than the system drive. New feature: Users can now select to always do the deepest and the most accurate scan for installed apps, at the cost of the analysis taking a longer time. Greatly improved the detection of portable apps, such as added dedicated support for MiTeC, EZ Tools and SysInternals tools. Improved support for portable apps installed via Windows System Control Center (WSCC). NirSoft portable apps are now listed with "NirSoft" prefix for easier identification. Improved the speed of uninstalling apps. The main installed software listing search will now find "Xbox GameBar" if you search for "Game bar" and vice versa. The tooltip now displays more detailed information of the installed apps, such as its registry key and uninstaller path. The links in the About section now look more like clickable links. The main menu is now more clearly indicated in the main user interface. Microsoft Teams Meeting Add-in for Microsoft Office ships with some Windows 11 installations and is now considered a builtin Windows app and only listed if builtin Windows apps filter is enabled. Added a Help button to the main user interface that opens the help section of the website. Added an option not to close Uninstalr after uninstallation. If you open the Uninstalr website from the app, the website now receives the version number of your current Uninstalr version and warns you if you are using anything but the latest version. Improved the accuracy of the New Software Monitor. Improved confirmation messages for Steam and other platform related uninstalls. Improved the uninstallation performance of Steam games. Fixes: Known bug fixed: Some installed app names are capitalized incorrectly, such as "CCleaner Portable" is listed as "ccleaner portable". Known bug fixed: Some apps can be listed twice, for example, Smart Defrag can be listed once as Smart Defrag and then Smart Defrag Home. Known bug fixed: On the pre-uninstallation screen, the Scripts checkbox can be checked by default on Dark Mode but not on the normal mode. Known bug fixed: Perform Deep Analysis can be started only by clicking the button, not via the Right Click menu, main menu or F4 keyboard shortcut. Muse Hub could be incorrectly listed as Adobe Muse. SyncTrayzor was incorrectly detected as two unrelated software, SyncTrayzor and Syncthing. Smart Defrag was incorrectly listed twice as Smart Defrag 11 and Smart Defrag Home. It was possible to enter non-printable characters to the search input boxes of the main screen, and the path listing screen, which caused the UI to look funny. Changing the translation from Settings, especially many times in a row, caused the UI to distort. If you had multiple instances of portable apps on your system, such as the 64b and 32b versions of the same portable app, typically only one of them was detected, not both. In some very rare cases, Uninstalr UI could start with random characters in its search input boxes, which could make the UI look rather confusing. This was a rare issue, only reported by two users. The pre-uninstallation screen could display non-existing paths for example as the software's installation directory or main exe file. This was a cosmetic issue. New Software Monitor cannot detect the installation of Claude. Selecting all the found software made the UI look funny with the top panel covering everything else (because the names of all the selected software were listed there). Sometimes a Steam game could be listed a normal app instead of a Steam game. If the system restart after an uninstallation is delayed, e.g. because of Windows Updates being installed, this additional delay is incorrectly added to the time how long the uninstallation process took. This cosmetic bug could cause the program incorrectly report an uninstallation time longer than the actual uninstallation time. Uninstalling Minecraft could simply fail. The Only scan the system drive for installed apps setting does not fully work. If some apps are installed to a non system drive and this setting is enabled, the app could still be detected and listed on the main user interface. Changing any settings could also incorrectly alter the Only Scan The System Drive For Installed Apps setting. Microsoft OneDrive and Copilot are not always detected. If you enter something to the search filter field, then select the text and press the Delete key, this triggers the Uninstall button click even if your intent was to delete the text input. If you press the F5 key to refresh the screen during the uninstallation loading screen, the program will crash. If you enabled some setting, such as "Do not analyze installed app installation sizes", it could automatically be unchecked later. Uninstalr doesn't warn you if you try to remove Fortec antivirus. There should be a warning if user attempts to remove any antivirus or antimalware type program. Such programs should not be uninstalled using a third party uninstaller, as they are typically protected against automated uninstallation, for security reasons. With "Do not analyze installed app installation sizes" option checked from the Settings, Uninstalr could still display some installation size related elements in the UI which was confusing. The "Only scan the system drive" option moved under Improve Scan Speed from the General settings. If two software have the exact same name and version number, selecting both of them for uninstallation fails because only one is actually selected. Sorting the installed apps by size sometimes fails and the order is incorrect. The "Don't show which paths are currently analyzed" did not work correctly - some parts of the UI still show the currently analyzed path with this setting checked. The "Don't list software less than 10 MB" filter did not work correctly - some apps smaller than 10 MB could still be listed. Uninstalr could start very quickly and display an empty list of detected apps. Restarting the app usually fixed the issue and the list of installed apps was properly displayed. If you placed portable Uninstalr to a same folder with other portable apps, those were not detected because Uninstalr automatically added its installation folder to the ignore list. When trying to uninstall some specific software, Uninstalr could get stuck on the Searching for more data relating to the app phase. Uninstalr could sometimes do a silent uninstallation even if user had unchecked the Perform a silent uninstallation option. Known issues: Uninstalr can fail to run with an Out Of Memory error in systems that have a lot of installed apps. Using the New Software Monitor tool multiple times during one session can cause the program to get stuck on the Scanning stage. The "uninstallation completed" message box sometimes closes when the user moves the mouse cursor over the button before user clicks it. There is no feedback for the user after Fix Information feature has been used. The Right Click menu's Select by publisher option can display the number of apps per each publisher without correct vertical alignment. The default user interface might not display all of the found installed apps if you have over 600 installed apps. If you do, using the Screen Reader Compatible Interface solves the issue. Leftover apptype filter checkbox is shown in red font only in Dark Mode. Clicking the app's icon from the Windows Taskbar doesn't minimize/restore the app like other apps. The warning about an app that user wishes to uninstall being related to some other app user did not select can sometimes be inaccurate. If app's language is changed without restarting Uninstalr, the list of installed software might not automatically refresh. When software is being uninstalled, the UI can say it is processing paths unrelating to the uninstalled app. This is purely cosmetic and does not mean these paths are removed. Uninstalr might not properly detect and/or uninstall Steam games if they are installed to a drive different than Steam's default location in C:\. You might see "This action is only valid for products that are currently installed" error message from Windows Installer during uninstallation. This is a cosmetic issue. Download: Uninstalr 3.1 | 7.1 MB (Free, paid version available) Download: Uninstalr Setup 3.1 View: Uninstalr Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By ad47uk · Posted

      I and many others did not vote to get out of the E.u because of Putin or Farage, we did so for our own reasons. You don't have to tel me what my own did or did not do when it comes to the E.U. The EEC is or was the European Economic Community, a different beast to what the E.U is now.The EEC was a mainly about trading, the E.U have gone far beyond that and as I have said before, is now more of a United States of Europe. The U.K did not vote to join a United States of Europe. Anyway, they did not want us in there in the first place, Charles de Gaulle stopped us joining as he claimed we didn’t agree with the core ideas of integration. He was not wrong and that is why we voted out of the E.U when the time came. I was not old enough to vote the first time. My only regret is that we did not have the referendum years ago and got out years ago. If we rejoined, we would have to agree to join the Euro and no doubt Schengen, agree with freedom of movement, we have enough problem with people coming over here as it is. i have no problem with people coming over here if they work and don't try to push their way of life onto us. The E.U has a currency, freedom of movement, an anthem a flag, a parliament, well they are there, not sure if they do anything. Don't sound like something that is just for trading. Oh yeah, also wanted a euro Army. How many stupid rules have the E.U made that we had to follow? I doubt I will see the Uk rejoin the E.U, which suits me. Oh yeah, my partner is Polish, she came over here before Poland joined the E.U and she got fed up of people just coming over here with ease, while she had to struggle. She is now a British citizen and have been for a fair few years
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By Fleet Command · Posted

      Hello, Paul. Thanks for the editorial. It was interesting. I'm going research more into the app and its concept. Of course, if you know me at all, you know that I'd say your articles needs some editing! I always do, don't I? For instance, the article occasionally mentions relays before defining it.
    • Weekend PC Game Deals: Steam Summer Sale 2026 Edition

      By +InsaneNutter · Posted

      Screamer is 50% off on Steam, making it £24.99 here in the UK: https://store.steampowered.com/app/2814990/Screamer/ You might remember the series from the mid 90s / early 2000s, this new game is also by Milestone who created the older games.

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      226
    3. 3
      PsYcHoKiLLa
      153
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!