Symantec launches massive 'Android malware' scare campaign -- extreme caution advised

By JR Raphael (@jr_raphael)

Alert! Alert! Security software peddler Symantec has launched what may be the largest malware scare campaign ever conducted against Android users, researchers at the Android Power Labs have discovered.

Symantec Android Malware

The attack on users' sensibilities began Friday, when Symantec posted a blog proclaiming it had found some scary-sounding virus lurking in the Android Market. According to alarmist interviews Symantec gave to the press, the virus may have already affected as many as 5 million Android users -- making it pretty much the most horrifying thing the world has ever seen.

"Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank," Symantec announced, employing an advanced tactic known as "making up unnecessarily complicated names in order to make stuff sound extra terrifying."

"This is a minor modification of Android.Tonclank," Symantec continued, "a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device."

In actuality, it appears the apps cited by Symantec were guilty only of poor design and annoying advertising methods: The apps in question delivered intrusive ads and placed ad-related bookmarks into a phone's browser, including one for an ad-based search utility that was also placed as a shortcut on the device's home screen. All of these things, however, were well within the apps' legitimate and clearly stated permissions; the apps could easily be uninstalled, had no access to sensitive data, and -- while unquestionably obnoxious -- showed no signs of being "malicious" or in any way virus-like.

"We've seen laughable attempts at scaring Android users into buying pointless security software before, but never at this absurd of a level," says Android Power Labs Chief BS Detective JR Raphael (who for some reason has taken a liking to quoting himself in the third person).

Even Lookout, an Android security software vendor that usually throws the term "Android malware" around every chance it gets, is countering Symantec's claims. In a blog posted on its website, Lookout echoed the above-mentioned points, noting that the apps used aggressive forms of advertising but did nothing that would qualify them as malware.

(While some of the apps listed in Symantec's report are no longer available in the Android Market, incidentally, sources familiar with the situation say the titles were removed for reasons unrelated to security. Google routinely takes apps out of its official marketplace listings for trademark misuse and other terms-of-service violations.)

Android Power Labs is still actively investigating the root cause of Symantec's Android malware scare campaign. Early results, however, suggest the campaign may have been driven by the company's desire to sell its Android antivirus software. Researchers are also looking into whether diverting attention away from Symantec's embarrassing PcAnywhere hacking incident may have played a role.

Android Power Twitter

To stay protected from this and other similar Android malware scare campaigns, Android Power Labs is advising all users to use common sense and take future fear-inducing missives with a grain of salt -- particularly those propagated by companies that stand to benefit from convincing you your phone is out to kill you.

SEE ALSO: Android Market security: An interview with Android's VP of engineering

JR Raphael writes about smartphones and other tasty technology. You can find him on Google+, Twitter, or Facebook.

Article copyright 2012 JR Raphael. All rights reserved.

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies