A trojan is posing as an actual Android Market app that will spam the user's contact list with an embarrassing SMS.
Symantec reports that Android.Walkinwat is the first mobile phone threat of its kind to actually discipline users that are downloading non-Market Android apps from apk repositories. The trojan is presented as a non-existent version of Walk and Text (v1.3.7), a legitimate app that's currently available on the Android Market.
"Android.Walkinwat can be found on several renowned file sharing websites throughout North America and Asia," Symantec said. "One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximize the download prevalence and convey their message to as large an audience as possible, however one could also make the case the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text."
Symantec said that once the user downloads and installs the unofficial app, it pretends to apply a fake crack when in essence it's actually gathering all the user's information. It then transfers the sensitive package to an external server while also sending out SMS messages to all contacts on the phone's contact list. On Android, that usually means everyone listed on Google Contacts containing a mobile number.
"Hey, I just downloaded a pirated App off the Internet, Walk and Text for Android," the SMS message reads. "Im stupid and cheap, it costed only 1 buck. Don't steal like I did!"
"Interestingly enough, the Trojan performs the above set of actions in a routine of Android.Walkinwat called 'LicenseCheck,' something traditionally used by legitimate apps for license management in conjunction with a Licensing Verification Library available for the Android platform to help prevent piracy," Symantec added. "The authors of the malicious code have taken an extra step to make sure that their app was obfuscated, which is another recommended measure to prevent piracy."
The fake app doesn't do anything else once it gathers evidence and sends out the embarrassing messages, only closing with a pop-up labeled as Application Not Licensed. "We really hope you learned something from this," the message reads. "Check your phone bill. Oh, and don't forget to buy the App from the Market."
It wouldn't be surprising if this app was created by the original team behind the official Walk and Text app.
Because it is way more secure than iOS. Yes, you read that correctly. Look at the results of the most recent Pwn2Own event before you even think about replying to this.
Any platform can be compromised if you install malicious software on it, even the almighty Linux. This shouldn't take anything more than a grade-school education to understand. Just because you aren't smart enough to figure out that random pirated apps may be malicious doesn't mean that the rest of us should live in Apple's walled garden, being disallowed from installing anything they didn't approve.
Personally, I'd rather own a feature(less) phone with nothing more than a 10-key pad than own an iPhone. Then again, I buy a phone for functionality, not because "it makes me look cool".
Hint: iPhone doesn't really make you look cool, people just think it does.
I may be biased though, I love my Android device(s)
Now that I have seen this article I would not install this app on my phone even if I bought if from the Marketplace. How could you trust the authors did not put some other unwanted code in the app. While I don't disagree with them trying to protect their work, I do disagree with their tactics which shows a tendency to deceive.
Second, since the app was obtained illegally, the author is no longer liable for any damages done to the phone or to the user. There's no license to protect the app user in this case.
Why is it illegally obtained app? Are you saying exactly the same app with exactly the same functionality (i.e. send those text messages) are on Android Market?
Seeing as this 'App' was designed, and presumably deliberately distributed by the means of a torrent. That is a legitimate way of obtaining it. The Authors are liable and have committed a crime by doing this. I hope they get their asses sued out of their pants so hard they can never shit themselves again.
On the other hand some hacker/ex-employee at that company may have deliberately done this to get them in trouble..
And white headphones just shout "mug me"
"Hey,,,can you show me how to pirate it too?"
One of the best successful anti piracy measures is actually ignorance. If people realized how easy it is to get things for free, they probably wouldn't be paying for them either.
Good work.