Symantec found malicious applications in Android Market

After scanning the Android Market, Symantec found multiple publisher ID’s that had been publishing applications with a malicious code in it. The crafted code is a modification of the  code “Android.Tonclank” which is defined as a trojan horse that steals information stored on the device. It may also open back-doors used by others to be able to execute commands through your phone.

Why snoop on my phone?, I don’t have anything interesting for them?

Well certain people that has control over the trojan may use it to execute commands against others through you. This means that who ever they attack, gets attacked by you. They do this to avoid getting caught. In few cases they gather all the trojan infected devices, and use them all to DDoS (Denial of Service) attack an IP address. This cause the owner of the address to loose the connection to the rest of the world. It’s like putting a pumpkin in a tube where there is only room for a grape. It just wont work!

The List…

So far it doesn’t look like the list is complete, but below you will find what they have found so far. Should you have one of these applications installed on your device we strongly suggest that you remove it as soon as possible. This version of the trojan has received the name “Android.Counterclank” which you can read more about over at Symantec. For those who are interested, the apk file will contain a package called “apperhand”. This is the Trojan package itself.

We will try to keep this post up to date f more applications are found.



(Symantec 2012)


© 2012 Nordic

Leave a Reply