Symantec, Lookout Mobile Security debate latest Android “malware” attack

by Kristen Nicole

If you have an Android device, malware threats are nothing new, just something with which you’ve learned to deal. Mobile security companies usually alert the public when any major malware or Trojan threat is discovered in the Android Market, but rarely do they disagree over what’s actually considered malware. This question’s been raised in regards to the latest string of Android Market botnets uncovered by Symantec, in what could be the largest botnet setup in Android’s history with as many as 5 million victims.

Dubbed ‘Android.Counterclank’ (or ‘Apperhand SDK’) by Symantec, the malware was packaged across 13 different Android apps from different publishers, with titles ranging from Sexy Girls Puzzle to Counter Strike Ground Force. “They don't appear to be real publishers,” Kevin Haley, a director with Symantec's security response team, said in an interview today. “These aren't rebundled apps, as we've seen so many times before.”

But Lookout Mobile Security doesn’t think that this differentiated behavior means it’s a malware attack. They posted a blog over the weekend explaining their reasons for disagreeing with Symantec’s assessment, saying Android.Counterclank isn’t malware at all. It’s certainly not something most Android users want on their devices, but Lookout finds no evidence of outright malicious behavior, saying their capabilities are more like aggressive ad networks that put search icons on your home screen and run ads through your notifications bar.

“Malware is defined as software that is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud,” reads Lookout’s blog. “Apperhand doesn’t appear to be malicious, and at this point in our investigation, this is an aggressive form of an ad network – not malware.”

Money-hungry ads or malicious malware? It seems the industry experts can’t agree, and such disparity could significantly shake up the consumer market. The debate over malware’s core definition came up a few weeks back with the Carrier IQ debacle, leading to a massive consumer backlash as privacy advocates blasted the carrier-supported software. When it comes to Android.Counterclank we have yet another example of how the Android ecosystem is being exploited, and how little this market is controlled. The debate over Android.Counterclank could ultimately circle back to Google, which is increasingly being held accountable for the Android Market experience.