Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.
For each of these malicious applications, the malicious code has been grafted on to the main application in a package called “apperhand”. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.
The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year.
|Publisher||Malicious App Title||Category|
|iApps7 Inc||Counter Elite Force||Arcade & Action|
|iApps7 Inc||Counter Strike Ground Force||Arcade & Action|
|iApps7 Inc||CounterStrike Hit Enemy||Arcade & Action|
|iApps7 Inc||Heart Live Wallpaper||Entertainment|
|iApps7 Inc||Hit Counter Terrorist||Arcade & Action|
|iApps7 Inc||Stripper Touch girl||Entertainment|
|Ogre Games||Balloon Game||Sports Games|
|Ogre Games||Deal & Be Millionaire||Sports Games|
|Ogre Games||Wild Man||Arcade & Action|
|redmicapps||Pretty women lingerie puzzle||Photography|
|redmicapps||Sexy Girls Photo Game||Lifestyle|
|redmicapps||Sexy Girls Puzzle||Brain & Puzzle|
|redmicapps||Sexy Women Puzzle||Brain & Puzzle|
Symantec is continuing with further investigation and we will post more information as we discover it.