Security firm Symantec has uncovered a massive botnet that may have lured millions of unwitting Android users into downloading malware infected apps from the official Google Android Market.
The Trojan, dubbed 'Android.Counterclank' by Symantec, was packaged into at least 13 free games published by three different publishers on the official app download site. The following apps are known to be affected:
According to Symantec researcher Irfan Asrar, Counterclank is capable of carrying out commands received from a remote server and is capable of both stealing information from, and displaying ads on, infected Android handsets.
According to Symantec, Counterclank has the highest distribution of any Android malware identified so far this year.
Back in December of last year I wrote about six problems that was facing Android that Google was doing nothing to address. One of those issues was security, both the lack of decent security tools and the increasing proliferation of malware appearing in the official Google Android Market. It seems clear that Google's idea of curating the official download site is to limited to cleaning up toxic spills rather than preventing them in the first place. This process doesn't seem to be working and is putting user's data at risk.
It's time Google started taking security much more seriously.