According to Symantec, 13 apps from three developers — many in the official Android Market — have been carrying malicious chunks of code called Android.Counterclank, and are suspected of running on as many as five million phones, stealing info and running ads against the will of the device's owner.
ComputerWorld, speaking to Symantec, learned that the apps have been downloadable for over a month, and Symantec calls it the biggest Android malware outbreak to date.
Some of the 13 apps that Symantec identified as infected have been on the Android Market for at least a month, according to the revision dates posted on the e-store. Symantec, however, discovered them only yesterday.
Users had noticed something fishy before then.
"The game is decent ... but every time you run this game, a 'search icon gets added randomly to one of your screens," said one user on Jan. 16 after downloading "Deal & Be Millionaire," one of the 13. "I keep deleting the icon, but it always reappears. If you tap the icon you get a page that looks suspiciously like the Google search page."
The apps, distributed by iApps7, Ogre Games and redmicapps, are mostly games with titles such as Counter Strike Hit Force, Wild Man and Stripper Touch girl. Here's the full list:
Counter Elite Force Counter Strike Ground Force CounterStrike Hit Enemy Heart Live Wallpaper Hit Counter Terrorist Stripper Touch girl Balloon Game Deal & Be Millionaire Wild Man Pretty women lingerie puzzle Sexy Girls Photo Game Sexy Girls Puzzle Sexy Women Puzzle
Not-so-shockingly Symantec believes these publishers exist solely to distribute malware. Google might want to get rid of those.