Symantec: Malware Pushed onto Androids

Downloads Raise Concerns for Organizations that Adopt BYOD
The revelation that as many as 5 million Android mobile devices might have downloaded malware reinforces concerns among those charged with securing their organizations' information networks about allowing employees to use their own smartphones and e-tablets at work.

"With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers," said Kevin Curran, head of the School of Computing and Intelligence Systems at the University of Ulster in Northern Ireland.

IT security provider Symantec, in a posting on Friday, said it identified multiple publisher identifications on the Android Market that are being used to push out Android.Counterclank, a bot-like malware it contends can receive commands to carry out certain actions as well as steal information from the device. "The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year," Symantec said.

Symantec said the Trojan is available for download in the Android Market as an application package from the following publishers: iApps7, Ogre Games and redmicapps. These apps are games that carry titles such as Counter Elite Force and Counter Strike Ground Force, or apps offering photos of scantily dressed women.

"For each of these malicious applications, the malicious code has been grafted on to the main application in a package called 'apperhand,'" the Symantec posting said. "When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the search icon above on the home screen."

Another Opinion

A blog post from the mobile security provider Lookout Mobile Security disputed Symantec's assessment that the downloaded apps are malware, although Lookout said it believes that apperhand is an aggressive form of an ad network and should be taken seriously.

"The average Android user probably doesn't want applications that contain apperhand on his or her phone, but we see no evidence of outright malicious behavior," Lookout said. "In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks - this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar."

Warnings such as the one issued by Symantec are seen as becoming commonplace in 2012. The technical professional association IEEE in November predicted that 2012 will be a disruptive year of widespread mobile device hacking [see Paying the Price for Those Free Apps].

To combat hackers, organizations need to adopt a trusted-app approach in which they vet applications before they are downloaded, Curran said. "A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone," he said. "In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities."

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
