ie8 fix
madison

Hardware 2.0

Adrian Kingsley-Hughes
Home / News & Blogs / Hardware 2.0

Millions caught up in Android botnet

By | January 28, 2012, 5:27am PST

Summary: More malware found lurking in the official Google Android market.

Security firm Symantec has uncovered a massive botnet that may have lured millions of unwitting Android users into downloading malware infected apps from the official Google Android Market.

The Trojan, dubbed ‘Android.Counterclank‘ by Symantec, was packaged into at least 13 free games published by three different publishers on the official app download site. The following apps are known to be affected:

Published by iApps7 Inc:

  • Counter Elite Force
  • Counter Strike Ground Force
  • CounterStrike Hit Enemy
  • Heart Live Wallpaper
  • Hit Counter Terrorist
  • Stripper Touch Girl

From publisher Ogre Games:

  • Balloon Game
  • Be Millionaire
  • Wild Man

From publisher redmicapps:

  • Pretty women lingerie puzzle
  • Sexy Girls Photo Game
  • Sexy Girls Puzzle
  • Sexy Women Puzzle

According to Symantec researcher Irfan Asrar, Counterclank is capable of carrying out commands received from a remote server and is capable of both stealing information from, and displaying ads on, infected Android handsets.

According to Symantec, Counterclank has the highest distribution of any Android malware identified so far this year.

Back in December of last year I wrote about six problems that was facing Android that Google was doing nothing to address. One of those issues was security, both the lack of decent security tools and the increasing proliferation of malware appearing in the official Google Android Market. It seems clear that Google’s idea of curating the official download site is to limited to cleaning up toxic spills rather than preventing them in the first place. This process doesn’t seem to be working and is putting user’s data at risk.

It’s time Google started taking security much more seriously.

Related:

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Hardware 2.0”

Topics

Symantec Corp., Botnet, Security Company, Android Botnet, Home Office Security, Security, Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

55
Comments
Add Your Opinion

Join the conversation!

Just In

Reply to Toddybottom. RE: AV for Android.
Joe.Smetona Updated - 31st Jan
@toddybottom_z ... You missed it. DTS was making a joke about using AV on Android. The problem is between the Gorilla glass and the chair. The install anything and everything mentality comes from Windows users. Smart users of any OS are careful about what they install and can tell when DTS is kidding.
View in thread
0 Votes
+ -
RE: Millions caught up in Android botnet
Peter Perry 28th Jan
Could Google be better? Sure, and I am sure they will get there but honestly, the percentage of infections is still very low, even if the press wants to hit it hard.

For the record, similar botnets had been found on jailbroken iOS devices as well so I think to some degree this is unpreventable 100% of the time as the user will always be a weak link and the honest people will be colateral damage!
0 Votes
+ -
So "jailbroken" iDevices might get something similar?
James Quinn 28th Jan
@Peter Perry .. Hmmmm what to do? What to do? Oh yeah DON'T jailbreak your iDevice:) Yeah that's the ticket.So instead of enslaving you the wall in the wall garden is there to protect you? Interesting the wall in the walled garden is actually there to protect me not hinder me. Funny I wish I had thought of that myself... Oh wait i did realize this to be so. So are these Android devices that were or are infected jailbroken only or can this happen to any and all Android devices?

Pagan jim
0 Votes
+ -
RE: Millions caught up in Android botnet
jgm@... 28th Jan
@James Quinn It is there to hinder you; it's like being nice and safe in 23/7 solitary confinement.
0 Votes
+ -
Except not.....
James Quinn 28th Jan
@jgm@... I have email, text, web browsing, phone, and a host of communication tools at my fingertips. I also have facebook and the rest of social media. YOu choose a poor comparison with solitary my friend.

Pagan jim
0 Votes
+ -
RE: Millions caught up in Android botnet
Rama.NET 28th Jan
@James Quinn
+1
0 Votes
+ -
Apple's purpose in building the wall....
cornpie 30th Jan
@James Quinn ...is to lock you in to their environment. Though that does have security advantages, those advantages are purely coincidental. The real reason it is there is to ensure that every App purchased kicks a few pennies into Apple's $90 B pile of cash.
0 Votes
+ -
You are living proof of what I keep saying ....
wackoae 28th Jan
@Peter Perry Android users are some of the dumbest people in the world.

Denying facts just shows how low an ignorant fandroid can get when it comes to defending the horrendous security record on Android. Fact is Android has being flooded with malware pretty much since day one.

And about botnet on iOS .... show some proof.
0 Votes
+ -
RE: Millions caught up in Android botnet
Peter Perry 28th Jan
@wackoae You're so smart, look it up yourself!

I guess all those people who defected here during the cold war are stupid as well huh? I mean, after all the East Germans should have just realized the wall was there to protect them right?

I realize this isn't politics but I will take Android and its inherent vulnerabilities over the heavy handed tactics of iOS any day!
  • Flagged
0 Votes
+ -
RE: Millions caught up in Android botnet
Peter Perry 28th Jan
@wackoae You're so smart, look it up yourself!

I guess all those people who defected here during the cold war are stupid as well huh? I mean, after all the East Germans should have just realized the wall was there to protect them right?

I realize this isn't politics but I will take Android and its inherent vulnerabilities over the heavy handed tactics of iOS any day!
  • Flagged
0 Votes
+ -
RE: Millions caught up in Android botnet
Peter Perry 28th Jan
@pagan Jim

Good for you man, you keep that fragile, gimped, piece of dung and I will stick with the Resound I replaced my 4s with!
  • Flagged
0 Votes
+ -
Remind me... Have I ever called Android or an Android device dung?
James Quinn 28th Jan
@Peter Perry ... There is a clear difference between you and I right there my friend. Still I'm not threatened by Androids success and neither is Apple from what I can see. So I suppose that might point to why your responses often turn out to be so shall we say colorful:)

Pagan jim
  • Flagged
0 Votes
+ -
RE: Millions caught up in Android botnet
Peter Perry 28th Jan
@pagan Jim You're clueless if you think Apple's success in any way has a bearing on my life.

The difference between you and I? I am a person who very much wears my emotions on my sleeve and I think for myself. I don't want a company telling me that I can use their device only one way.

If you notice, my posts about tablets aren't usually negative about the iPad, just pro Android... Posts about Apple laptops of computers are mostly positive and I never complain about my Air!

The iPhone on the other hand, I was fresh off of 3+ months trying to make it work for me as well as Android does and at every turn was frustration! You actually caught me on the other article the very same night, that I had enough and sold the phone!

So you see, it has nothing to do with Apple, everything to do with a device that does not deserve the praise people like you throw at it!
  • Flagged
0 Votes
+ -
Would I trust someone who can't even use the web to check facts? No.
TheWerewolf 28th Jan
@joe.smetona Actually, ZDNet is wholly owned by CNet which is now wholly owned by CBS Entertainment. (http://en.wikipedia.org/wiki/ZDNet)

Microsoft has pretty much nothing to do with it.
0 Votes
+ -
Yes I am not emotional, not in the least.
James Quinn 28th Jan
@Peter Perry... So you are saying that you personally don't like the praise given to the iPhone. Well I do. So there is a natural impass. You find the iPHone wanting and I do not. I know for a fact that while my opinion is indeed shared by some I know it is not all. That seems to be your basic problem here because the iPhone is not a good match for your needs/wants you can't stand the idea or except that for many it is? You should emotional or not be able to except this and move on. Are you trying to say that Android is a good match for you it SHOULD be a good fit for everyone? On the very face of that statement you should see the flaws sin that logic and yes there will be those who praise the iPhone for it is a wonderful fit for their given needs/wants and that should not spur you to answer... "Oh no it's NOT!" Cause again that is over the top. Who are you trying to convince here? I know the iPhone is a great fit for me... I know Android fits your needs/wants so where are you going with this and why?

Pagan jim
  • Flagged
0 Votes
+ -
RE: Millions caught up in Android botnet
panoslondon1 28th Jan
@Peter Perry Jailbroken iphones? Jailbroken windows phones? The world jailbroken is the secret. I am a very happy user of a Windows phone and there is no way I am going back to Android.
0 Votes
+ -
RE: Millions caught up in Android botnet
Peter Perry 28th Jan
@panoslondon1 Never tried Windows phone, I hear good things about it but I have yet to see a phone that appealed to me.
0 Votes
+ -
RE: Millions caught up in Android botnet
Rama.NET 28th Jan
@Peter Perry
You can try HTC Titan right now, but if you could wait for 3 to 4 months, you could try HTC Titan II and Nokia Lumia N900. Both are going to be good devices with LTE on AT&T network.
0 Votes
+ -
RE: Millions caught up in Android botnet
rfoto 28th Jan
@Peter Perry
The press wants to hit Android malware hard? You have no idea about the press hitting something hard. One Apple virus would have Ed Bott and others screaming into megaphones from tall buildings.
0 Votes
+ -
RE: Millions caught up in Android botnet
larryvand Updated - 28th Jan
This is all garbage and WRONG WRONG WRONG. There is no malware, no trojan, no botnet, nothing of the kind. The Lookout security company is out with the news and is calling Symantec for the self serving garbage they are spewing. Next time that you decide to write an article about malware, look at the source and do some research to confirm the story from multiple sources.
0 Votes
+ -
RE: Millions caught up in Android botnet
Cylon Centurion 28th Jan
I'm biting my lip on this one. Most of you here already know how I feel about the mess that is Android.
0 Votes
+ -
RE: Millions caught up in Android botnet
Rabid Howler Monkey 28th Jan
@Cylon Centurion You didn't bite hard enough. We can still see you waving your fingers with your thumbs in your ears.
0 Votes
+ -
RE: Millions caught up in Android botnet
Rama.NET 28th Jan
@Cylon Centurion
The issue is not the platform, the issue is google's governing policies on its Market. Google needs to step up and do rigorous testing before allowing "anyone" to publish apps.
0 Votes
+ -
But that would be a walled garden
baggins_z 30th Jan
and we all know those are incredibly evil.
0 Votes
+ -
May?: This, as far as I can tell, is a presumptive conclusion on your part
Dietrich T. Schmitz * Your Linux Advocate Updated - 28th Jan
Clearly, this is a vetting problem at the Android Market.

But where is your citation for 'Millions caught up in Android botnet'.

The links you provide when followed make no reference to that.

Are you being a 'click jockey' again Adrian? :/

P.S.
Install Symantec AV for Android immediately!
(Source Code included.)
0 Votes
+ -
RE: Millions caught up in Android botnet
Rama.NET 28th Jan
@Dietrich T. Schmitz * Your Linux Advocate
Try this, http://www.allaboutphones.nl/nieuws/8722/Symantec-miljoenen-Androidtelefoons-geiumlnfecteerd-met-malware.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+allaboutphones%2Fnieuws+%28All+About+Phones+Nieuws+feed%29&utm_content=Google+Reader
0 Votes
+ -
Then that is the central problem with Android?
William Farrel 30th Jan
@Dietrich T. Schmitz * Your Linux Advocate
That they did not bother too much about security in an effort to rush it out on the street to counter iOS?

A well developed OS shouldn't have need of an AV program, right?
0 Votes
+ -
Did DTS just admit that Linux requires AV?
toddybottom_z 30th Jan
@William Farrel
"A well developed OS shouldn't have need of an AV program, right?"

Nicely done William.
0 Votes
+ -
Consider the source...
cornpie 30th Jan
@Dietrich T. Schmitz * Your Linux Advocate

Symantec? The company that wants to sell you the anti-malware product? The companies trying to sell such products (i.e. the ones that stand to make money by starting a panic) are always the ones sounding the alarm the loudest. Also consider the number of the listed apps that have "sex", "stripper", etc in them.
0 Votes
+ -
Android is a huge collection of security vulnerabilities so no shock there.
Johnny Vegas 28th Jan
But dont bother complaining to google, theyre too busy inverting new ways to sell your personal data to advertisers to care about what happens to their users between ads.
0 Votes
+ -
So what's the problem?
Userama 28th Jan
The article states that this bot "is capable of both stealing information from, and displaying ads on, infected Android handsets." Isn't that what Google does anyway on un-infected Android handsets?
0 Votes
+ -
Oops duplicate
James Quinn Updated - 28th Jan
@Userama
0 Votes
+ -
I was going to say funny, but in truth VERY funny:)
James Quinn Updated - 28th Jan
@Userama... It's funny cause it's not me!

Pagan jim
0 Votes
+ -
Actually ... it is very funny ....
wackoae 28th Jan
@James Quinn because it is 100% percent true.
0 Votes
+ -
RE: Millions caught up in Android botnet
Rama.NET 28th Jan
@Userama
+1. grin. you made my weekend.
0 Votes
+ -
I find the Apps list alone kind of disturbing
James Quinn Updated - 28th Jan
What is the difference between Sexy woman puzzle and Sexy girl puzzle? One would have to assume age but I was legally and otherwise a man at 18 I could go to war and die or kill for my country heck I could legally drink:). So isn't a girl pre woman age and just what is that age?

Pagan jim
0 Votes
+ -
RE: Millions caught up in Android botnet
rfoto 28th Jan
@James Quinn
At least they are not fart apps, which is pretty much all you can find on the iOS market, according to the Android fans.
0 Votes
+ -
Sure ... no fart apps in Android
wackoae 29th Jan
@rfoto

http://www.google.com/search?q=android+fart+apps&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

I'm guessing you were holding your gas for too long and it went straight into your brain. http://www.moenantikvariat.dk/Lidtforsp%C3%B8g/farts.jpg
  • Flagged
0 Votes
+ -
RE: Millions caught up in Android botnet
StandardPerson Updated - 29th Jan
@rfoto Don't speak too soon!

A google of "Android fart apps" gives 3.8 million hits, while a google of "iPhone fart apps" gives 5.7 million hits, with plenty more for the iPad.

Clearly, the fart app gap is closing quickly!
  • Flagged
0 Votes
+ -
Symantec?
rhonin 28th Jan
Truth from them?
You have got to be kidding.

Staring to think the authors a troll.......
0 Votes
+ -
RE: Millions caught up in Android botnet
jrggzmn 28th Jan
If these are the apps that are on the android market, then apps shouldn't be a selling-point.
0 Votes
+ -
This may finally get Google's attention ...
Rabid Howler Monkey 28th Jan
because the malicious apps scam Google out of its own ad revenue.
0 Votes
+ -
Clearly...
John L. Ries 28th Jan
...Google needs to do a much better job of policing its own marketplace.
0 Votes
+ -
Botnet?
steve@... 28th Jan
This goes beyond lazy to full-out lying, and is sadly typical of what passes for tech journalism these days. There is no botnet. There is nothing from Symantec saying it's a botnet. Even the fearmongers at Symantec admit the "risk" is "very low." It's just an overly nosy ad network. But don't let that stop you from spreading misinformation. I just hope ZDnet isn't paying you for this tripe.
0 Votes
+ -
... Been here 6 years.
Joe.Smetona 31st Jan
@steve@... ZDNet just trashes MS competition, and if they don't do it directly the MS shills do it for MS incentives to keep things off the books. A good illustration of this was a prominent poster called Mike Cox. He indirectly provided information to wanna be shills on how to get the MS "rep" to provide favors for shilling here. Everything off the books here of course.
0 Votes
+ -
RE: Millions caught up in Android botnet
smite50 28th Jan
I see how this works.
When a security hole or a some malware is found on Android all apple users trash it as hell. Every time I read one on IOS the response from the apple owners is always the same, denial: "not on apple devices, they are invulnerable".
Nothing says douche like a logo of a chewed up fruit.
0 Votes
+ -
RE: Millions caught up in Android botnet
larryvand 28th Jan
This is all garbage and WRONG WRONG WRONG. There is no malware, no trojan, no botnet, nothing of the kind. The Lookout security company is out with the news and is calling Symantec for the self serving garbage they are spewing. Next time that you decide to write an article about malware, look at the source and do some research to confirm the story from multiple companies.
0 Votes
+ -
RE: Millions caught up in Android botnet
raglionby 28th Jan
Any independent research confirming Symantec's findings? I am highly suspect when Symantec makes announcments like this, they have a history of lying to the public to scare them into buying their products.
0 Votes
+ -
Do they have an Android product to sell?
James Quinn Updated - 28th Jan
@raglionby... Never heard of it myself.

Pagan jim
0 Votes
+ -
Brought to you by Linux
toddybottom_z 29th Jan
Thankfully, Linux has tiny desktop market share or it would be even worse.
0 Votes
+ -
RE: Millions caught up in Android botnet
daikon 29th Jan
@toddybottom_z
toddybottom II

We all know Linux had nothing to do with, nice try.
0 Votes
+ -
Reply to Toddybottom. RE: AV for Android.
Joe.Smetona Updated - 31st Jan
@toddybottom_z ... You missed it. DTS was making a joke about using AV on Android. The problem is between the Gorilla glass and the chair. The install anything and everything mentality comes from Windows users. Smart users of any OS are careful about what they install and can tell when DTS is kidding.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix