Millions Infected with Trojan Hidden in Android Apps

A large malware ring might have infected more than 5 million Android users with fraudulent apps, according to Symantec.

The malware, code-named "Android.Counterclank," is a Trojan that steals information and can download additional malicious files. According to Symantec, the Trojan has been identified in 13 different apps in the Android Marketplace.

"For each of these malicious applications, the malicious code has been grafted on to the main application in a package called 'apperhand'," wrote Symantec, in a blog post. "When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen."

The 13 apps hiding the malware are: Counter Elite Force, Counter Strike Ground Force, CounterStrike Hit Enemy, Heart Live Wallpaper, Hit Counter Terrorist, Stripper Touch Girl, Balloon Game, Deal & Be Millionaire, Wild Man, Pretty Women Lingerie Puzzle, Sexy Girls Photo Game, Sexy Girls Puzzle and Sexy Women Puzzle.

While rival app stores such as Apple's iTunes and Microsoft's Zune Marketplace have instituted a strict testing protocol for all new software entries, Google's relatively lax quality control and open source platform can lead to higher numbers of malicious applications being included compared with its competitors.

Many security researchers, including a team from Georgia Tech, have forecasted a huge rise in malware hitting the Google platform due both to its open source platform and the large target it presents for attackers. Google owns 52.5 percent of the smartphone market share, according to Gartner.

Symantec stated it had notified Google of the apps hiding malicious code. However,  many of the infected entries were still available on the Android Market as of Friday afternoon.

Symantec alerted the public and Google of its findings today. However, many user reviews for the apps in question have been pointing out the issues.

"Kept the game, accidently started it again today and somehow ended up with a WRAPPIO - NOTIFICATION BAR - AD SPAM issue, and a strange (fake) market icon, wrote user Albione, in a review for Counter Elite Force. 'Downloaded AirPush Detector after looking at a couple forums. Flagged right away. Uninstalled immediately. Hoping it resolves the issue, but just Uninstalled…'."

For removal of the malware, Symantec is advising smartphone users to uninstall the infected applications and run a mobile antivirus program. Norton offers a free 90-day trial to its Norton Mobile Security application, which can be downloaded here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.