Skip to main content

Android Trojan Tells Contacts You're a Pirate

Symantec reports that Android.Walkinwat is the first mobile phone threat of its kind to actually discipline users that are downloading non-Market Android apps from apk repositories. The trojan is presented as a non-existent version of Walk and Text (v1.3.7), a legitimate app that's currently available on the Android Market.

"Android.Walkinwat can be found on several renowned file sharing websites throughout North America and Asia," Symantec said. "One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximize the download prevalence and convey their message to as large an audience as possible, however one could also make the case the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text."

Symantec said that once the user downloads and installs the unofficial app, it pretends to apply a fake crack when in essence it's actually gathering all the user's information. It then transfers the sensitive package to an external server while also sending out SMS messages to all contacts on the phone's contact list. On Android, that usually means everyone listed on Google Contacts containing a mobile number.

"Hey, I just downloaded a pirated App off the Internet, Walk and Text for Android," the SMS message reads. "Im stupid and cheap, it costed only 1 buck. Don't steal like I did!"

"Interestingly enough, the Trojan performs the above set of actions in a routine of Android.Walkinwat called 'LicenseCheck,' something traditionally used by legitimate apps for license management in conjunction with a Licensing Verification Library available for the Android platform to help prevent piracy," Symantec added. "The authors of the malicious code have taken an extra step to make sure that their app was obfuscated, which is another recommended measure to prevent piracy."

The fake app doesn't do anything else once it gathers evidence and sends out the embarrassing messages, only closing with a pop-up labeled as Application Not Licensed. "We really hope you learned something from this," the message reads. "Check your phone bill. Oh, and don't forget to buy the App from the Market."

It wouldn't be surprising if this app was created by the original team behind the official Walk and Text app.