Beware “Official” Android Trojans!

Symantec has uncovered a massive botnet that may have lured millions of Android users into downloading malware infected apps from the official Android Market site.  The Trojan, being called ‘Android.Counterclank’, was wrapped into at least 13 free games on the official android app download site.  The following apps are known to be affected:

  • Counter Elite Force
  • Counter Strike Ground Force
  • CounterStrike Hit Enemy
  • Heart Live Wallpaper
  • Hit Counter Terrorist
  • Stripper Touch girl
  • Balloon Game
  • Deal & Be Millionaire
  • Wild Man
  • Pretty women lingerie puzzle
  • Sexy Girls Photo Game
  • Sexy Girls Puzzle
  • Sexy Women Puzzle

If you have downloaded one or more of these games, you had best be taking some action to protect your information.  According to the description at Symantec’s site, the combined download figures for these malicious apps indicate Android.Counterclank has the highest distribution of any Android malware so far this year.

I don’t own any Android devices, so, why am I writing about this malware rather than the hundreds of malware variants found each day?  I am concerned that the “official” download site is laden with malicious applications.  The Android Market is owned and operated by Google Inc.  Android configurations really need to be tightened up, and the practices used when vetting an app for distribution on an “official” site need to be scrutinized and corrected.

Google really ought to know better.  There motto is “Don’t Be Evil”…