Feeds

Sexy Girls Puzzle: Android Trojan or eager ad-slinger?

Researchers split on Counterclank's naughtiness

Security for virtualized datacentres

Security researchers are split on the seriousness of an Android "malware" campaign that some estimates suggest may have "infected millions" of smartphones via gaming apps from Google's Android Market.

"Android.Counterclank" – a piece of code described by Symantec as a Trojan and by Lookout Mobile Security as part of "an aggressive form of ad network" – can be found in over 13 different mobile gaming apps – including Sexy Girls Puzzle and Counter Strike Ground Force – from three different publishers, according to Symantec. The security software biz said that legitimate games are sometimes repackaged with Trojan horse malware and uploaded to the Android Marketplace in order to infect users.

Kevin Haley, a director with Symantec's security response team, told Computerworld that the apps might have infected anywhere between one and five million users. However, Symantec's official write-up describes Counterclank as a low-risk threat that is easy to remove, hasn't spread very far and has probably only infected 1,000 smartphone users.

Both Symantec and rival Lookout acknowledge that Counterclank lifts information from the user's phone, which includes the browser settings and (in the case of some but not all games) SIM serial and IMEI numbers.

However, while Symantec classes Counterclank as a Trojan, Lookout disagrees.

"Some companies are calling this a botnet or malware. Lookout has some concerns about the functionality, however at this time, and as far as we can tell, it does not meet the standard to be classified as malware or a 'bot'," said Lookout. "Consumers should take these apps very seriously as they appear to tread on privacy lines, but they are not necessarily malicious."

Instead of describing the suspicious apps as Trojans, Lookout characterises Sexy Girls Puzzle and Counter Strike Ground Force as the fruit of a software development kit (SDK) for a mobile advertising network, identified as "Apperhand", and said it ought to be taken seriously.

"The average Android user probably doesn’t want applications that contain Apperhand on his or her phone, but we see no evidence of outright malicious behaviour," a blog post by Lookout explains. "In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar."

"Malware is defined as software that is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud. Apperhand doesn’t appear to be malicious, and at this point in our investigation, this is an aggressive form of an ad network – not malware," it added.

Lookout researchers wrote that the Apperhand SDK is similar to a previous mobile advertising SDK – ChoopCheec (AKA Plankton) – that "crossed several privacy lines in the data it collected about users" when it first appeared last year.

Even though Plankton has been modified since, it still does a number of things, such as "pushing" notification ads, dropping a search item on desktops or automatically adding bookmarks, that are liable to give more privacy-conscious mobile users the fear. ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.