Security experts disagree over new Android malware alert

Symantec raises the alarm and labels new software a Trojan, but mobile security firm Lookout says it's simply aggressive advertising

Leading security firm Symantec has labelled a new piece of software as malware, while a mobile security specialist disagrees, claiming the code is simply a form of aggressive advertising.

Symantec posted a security alert on its website this week, notifying users that a new piece of mobile software known as Android.Counterclank is a Trojan horse for Android devices, which steals information.

Blogging about the malware, Symantec security expert Irfan Asrar said it is being pushed on the Android marketplace from multiple publishers, and is a small evolution from older known malware.

"Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank," he said.

"This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device."

However, mobile security specialist Lookout disagrees with this analysis, claiming the software does not steal data from Android devices and represents nothing more sinister than a form of aggressive advertising.

"The average Android user probably doesn't want [these] applications on his or her phone, but we see no evidence of outright malicious behaviour," the firm said under the heading, 'This isn't malware'.

"In fact, almost all of the capabilities attributed to these applications are also attributable to a class of more aggressive ad networks – this includes placing search icons onto the mobile desktop and pushing advertisements through the notifications bar."

The firm concluded that, while the software engages in a number of activities it considers to be bad practice and unwelcome to most users, this alone does not make it malware.

"The software drops a search icon onto the desktop. Again, we consider it bad form, though we don't consider this a smoking gun for malware, provided the content that is delivered is safe. In this case, it is simply a link to a search engine," it said.