Rogue Android app texts humiliating messages
Real app's maker threatens to sue security firm for blogging about threat
Computerworld - Android users face a new threat, a rogue app that tells all their friends they pirated the program, a Symantec security manager said today.
The app is a fake copy of the legitimate "Walk and Text," software that uses the smartphone's camera to show what's in front of the user while she simultaneously walks and texts.
Walk and Text is available not only on Google's official Android Market app store, but also on numerous file-sharing sites. It's one of several mobile apps created by Georgi Tanmazov, the CEO of Incorporate Apps.
On the Android Market, Walk and Text is priced at $1.54.
The Trojanized version of the app includes malicious code that pilfers personal data from the phone -- the phone number, the device's unique identifier and more -- and sends it to a remote anonymous server.
That's not new, said John Engles, a group product manager with Symantec's security response team. What is new, at least on mobile devices, is the rogue app's texting of an embarrassing message to each contact in the phone's address book.
"Hey, just downlaoded [sic] a pirated App off the Internet," the message reads. "Walk and Text for Android. Im [sic] stupid and cheap, it costed [sic] only 1 buck. Don't steal like I did!"
When the app is run, a final message appears on the smartphone's screen that states, "We really hope you learned something from this." That message is accompanied by a an offer to buy the legitimate program from the Android Market.
According to Symantec, the rogue app -- which the company pegged as "Android.Walkinwat" and identified as a Trojan horse -- is similar to other fake Android apps that host malware. "They took the legitimate app, decompiled it, added the malicious code, recompiled it and then placed it on small Android side markets," said Engles.
Although Engles said the Trojan maker's motivation was unclear, he said it was most likely created by anti-piracy vigilantes. But it's also possible that the creator of Android.Walkinwat wanted to undermine the reputation of the legitimate Walk and Text application.
Engles called Android.Walkinwat "fairly benign," in part because it doesn't appear to have elements common to other mobile malware, such as a backdoor that allows secret downloads of other code.
"And it doesn't seem to be very popular or widespread," said Engles. Symantec has classified the rogue app/Trojan as a "Low" threat.
Installing the Trojanized app could result in higher texting bills, depending on the number of contacts in a victimized smartphone, and where those contacts lived. "This could cost you some money," said Engles.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Performance Management: The Mobile App Development Playbook This comprehensive 16 page Forrester Research, Inc. report, authored by Jeffrey Hammond, Forrester VP and Principal Analyst, details a number of valuable, commonly...
- New Problems Require Innovative Solutions The mobile market is expected to be worth $25 billion by 2015
- Getting Agnostic about Mobile Devices The idea of being able to interact with customers, prospects, and stay attuned to competitive pressures is not new, but the velocity at...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Mobile Apps White Papers | Webcasts