Android App Downloaders Exposed to Malicious Trojan

The proliferation of Android-based devices is just too good an opportunity for malicious hackers to pass up. Symantec announced this week that a Trojan called Android.Counterclank has been proliferating in Android Market, and up to 5 million installations of the malicious app may have occurred. Three app developers were identified as distributors of Trojan-laced games in Marketplace: iApps7 Inc., Ogre Games and redmicapps.

Symantec's diagram of what the Android.Counterclank Trojan does after it infects an Android device. (Image: Symantec)

On installation, the Trojan app asks for several permissions it needs in order to work, such as accessing information about networks and WiFi states, installing shortcuts, opening network connections, accessing device settings and other data-gathering activities. After installation, the Trojan collects user and device information and sends the data to its servers. While Symantec’s classification of Counterclank is Low Risk, the compiled information, such as the Android ID, IMEI, IMSI, MAC address and SIM serial number, can be sold off for device cloning.

Symantec published the list of malicious applications released by iApps7 Inc., Ogre Games and redmicapps. The report also identified the payload and the tell-tale signs that the Trojan is present.

(E)ach… malicious code has been grafted on to the main application in a package called “apperhand”. When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen.
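The running-service indicator Symantec describes can be checked from a workstation. The following is an added example, not code from Symantec or the original article: it assumes the input is the text printed by `adb shell dumpsys activity services` and that services appear on `ServiceRecord{...}` lines. The sample listing, app names and class names are constructed placeholders.

```python
import re

# Package name Symantec reports for the grafted code (from the article).
MARKER = "apperhand"

# Matches the component in a "ServiceRecord{<hex> [u<user>] <pkg>/<class>}" line.
SERVICE_RE = re.compile(r"ServiceRecord\{[0-9a-f]+ (?:u\d+ )?([\w.]+)/([\w.$]+)\}")

def find_marked_services(dumpsys_text, marker=MARKER):
    """Return sorted (host_app, service_class) pairs whose class sits in a
    Java package segment equal to `marker`."""
    hits = set()
    for m in SERVICE_RE.finditer(dumpsys_text):
        host, cls = m.group(1), m.group(2)
        if cls.startswith("."):          # relative name: expand against host package
            cls = host + cls
        # Compare whole dot-separated segments so "snapperhandy" does not match.
        segments = [s.lower() for s in cls.split(".")[:-1]]
        if marker in segments:
            hits.add((host, cls))
    return sorted(hits)

# Constructed sample; host apps and class names are placeholders, not real IoCs.
SAMPLE = """\
ACTIVITY MANAGER SERVICES (dumpsys activity services)
  * ServiceRecord{40f1a2b8 com.example.shooter/com.apperhand.placeholder.ExampleService}
  * ServiceRecord{41c3d0e0 u0 com.example.notes/.SyncService}
  * ServiceRecord{4202beef u0 com.example.snapperhandy/.PhotoService}
  * ServiceRecord{4188aa10 u0 com.example.puzzle/com.example.puzzle.apperhand.Worker}
"""

if __name__ == "__main__":
    for host, cls in find_marked_services(SAMPLE):
        print(f"{host}: service {cls} is in package '{MARKER}'")
```

Because the code is grafted on to a host application, the first element of each pair is the installed app to remove, which will not itself be named "apperhand".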

The games are aimed at young men apparently (heck, men in general), with selections such as Counter Strike Ground Force, Stripper Touch girl (both by iApps7 Inc), Wild Man (Ogre Games) and Sexy Girls Photo Game (redmicapps).

With Android coming to the fore as the number one target for hackers and malware developers, it is always a good idea to keep your devices secure by installing reputable applications and always checking the list of permissions these apps want to access.