July 30, 2014

Lookout: Android.Counterclank is aggressive advertising, not malware

symantec_malware

Remember last week when we reported on Symantec’s finding that Android.Counterclank had infected somewhere between one and five million Android users?  According to Lookout Mobile Security, infected isn’t the word we should be using.  As they see it, there is no malicious activity going on here, just shady advertising techniques.  A post on Lookout’s blog breaks down what they see going on with Apperhand code inserted in the 13 applications.  While they found that there’s no real threat to worry over, the details are shady nonethless.

How would you feel if an app was pushing bookmarks to your Android smartphone?  That’s one of the things going on with these applications, as uncovered by Lookout.

  1. It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
  2. The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
  3. The SDK drops a search icon onto the desktop. Again, we consider it bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe.  In this case, it is simply a link to a search engine.
  4. The SDK also has the capability to push bookmarks to the browser.  In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.

We’re already hardcore against applications that push ads down to our phones and tablets with crap that shows up in notifications bars.  To hear that we’re getting bookmarks pushed to our device as well…? We hate to single out developers here, but if you use this type of stuff then we cannot endorse your experience.

For its part, Symantec has published a follow up post which is definitely worth a read.

Ok, so Android.Counterclank has pissed off somewhere between one and five million Android users.