Five Million Android Users Might Have Fallen Victim to Another Malware Attack

We may earn a commission from links on this page.

According to Symantec, 13 apps from three developers—many in the official Android Market—have been carrying malicious chunks of code called Android.Counterclank, and are suspected of running on as many as five million phones, stealing info and running ads against the will of the device's owner.

ComputerWorld, speaking to Symantec, learned that the apps have been downloadable for over a month, and Symantec calls it the biggest Android malware outbreak to date.

Some of the 13 apps that Symantec identified as infected have been on the Android Market for at least a month, according to the revision dates posted on the e-store. Symantec, however, discovered them only yesterday.

Users had noticed something fishy before then.

"The game is decent ... but every time you run this game, a 'search icon gets added randomly to one of your screens," said one user on Jan. 16 after downloading "Deal & Be Millionaire," one of the 13. "I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page."


The apps, distributed by iApps7, Ogre Games and redmicapps, are mostly games with titles such as Counter Strike Hit Force, Wild Man and Stripper Touch girl. Here's the full list:

Counter Elite Force
Counter Strike Ground Force
CounterStrike Hit Enemy
Heart Live Wallpaper
Hit Counter Terrorist
Stripper Touch girl
Balloon Game
Deal & Be Millionaire
Wild Man
Pretty women lingerie puzzle
Sexy Girls Photo Game
Sexy Girls Puzzle
Sexy Women Puzzle


Not-so-shockingly Symantec believes these publishers exist solely to distribute malware. Google might want to get rid of those.

UPDATE: Computerworld also posted a followup from an Android-centric security firm, Lookout, who claim that the behavior of these apps is on par with at least 10 other ad networks, and shouldn't be considered malware. They say Symantec has overblown their own findings. Symantec has yet to respond. [Symantec via ComputerWorld]