Counterclank is not malware, just aggressive adware

Following Symantec’s weekend claim that up to five million Androids may be infected with Counterclank, other researchers suggest that the code is adware rather than malware.

Roger Thompson of ICSA Labs reported, “I think they made a mistake... what they detected was a new release of an ad platform, developed to allow Android developers to monetize their apps… not a Trojan.”

This opinion is shared by other researchers, with one of the first coming from Lookout Mobile Security. “The average Android user probably doesn’t want applications that contain Apperhand on his or her phone,” it reported, “but we see no evidence of outright malicious behavior... at this point in our investigation, this is an aggressive form of an ad network – not malware.”

Kim Titus, head of communications at NQ Mobile told Infosecurity that “Counterclank, or more precisely, the underlying Apperhand SDK embedded in the app, does not perform any malicious behavior, such as trojan horses, bots, or rootkits. But it does” he adds, “aggressively push ads or even updates the browser's bookmarks – but such updates are ‘approved’ by the user when the app is being installed.”

Symantec seems to agree and has toned down its original post. Gone, for example, is the claim that up to five million Androids have been infected. The post now says “The combined download figures of all the malicious apps indicate that Android.Counterclank has the highest distribution of any malware identified so far this year.”

In a new post, however, Symantec defends its position. “The situation we find ourselves in,” it writes, “is similar to when Adware, Spyware, and Potentially Unwanted Applications first made appearances on Windows. Many security vendors did not initially detect these applications, but eventually, and with the universal approval of computer users, security companies chose to notify users of these types of applications.”

Symantec has “submitted a ticket to Google for the removal of Counterclank from the Android Market.” Google responded that “the applications met their Terms of Service and they will not be removed.”