Is There a Massive Malware Attack Targeting 5 Million Android Users?

Security software developer Symantec is stating that 13 apps by three developers could be spreading malicious code -- Android.Counterclank -- among as many as 5 million phones, stealing information from users. But, another security software developer -- Lookout Mobile Security -- believes it is just "aggressive" advertising.

The Guardian has more:

The dispute [between the two security firms] indicates [...] the conflict about the difference between malware and "adware" – where software on the user's computer generates intrusive advertising – has shifted from the desktop, where the line has been blurred over the years, to the mobile platform, and particularly to Android, the mobile operating system which increasingly dominates world sales of smartphones.

At the same time, it reinforces concerns that Android has become the target for malware writers who find its open market system, as well as the multiple unofficial Android app markets, an effective way to spread malicious software.

Kevin Haley with Symantec spoke to ComputerWorld stating that the developers involved -- iApps7, Ogre Games and redmicapps -- don't seem real. He also describes this as the largest malware attack on Android phones yet that runs unwanted advertisements:

Although the infected apps request an uncommonly large number of privileges -- something that the user must approve -- Haley argued that few people bother reading them before giving their okay.

"If you were the suspicious type, you might wonder why they're asking for permission to modify the browser or transmit GPS coordinates," said Haley. "But most people don't bother."

Gizmodo has the full list of apps that could be malicious:

Counter Elite Force

Counter Strike Ground Force

CounterStrike Hit Enemy

Heart Live Wallpaper

Hit Counter Terrorist

Stripper Touch girl

Balloon Game

Deal & Be Millionaire

Wild Man

Pretty women lingerie puzzle

Sexy Girls Photo Game

Sexy Girls Puzzle

Sexy Women Puzzle

Still, the Guardian reports Lookout Mobile as saying "we see no evidence of outright malicious behaviour" and that the apps' actions are "attributable to a class of more aggressive ad networks."