Security Bytes

Mar 31 2011   7:12PM GMT

Symantec outs Android vigilante app justice



Posted by: ITKE
Tags:

By Ryan Cloutier, Contributor

New among the rapidly growing mobile malware landscape is Android.walkinwat; however, instead of the usual black hat aims of normal malware this version seeks to deter victims from downloading pirated software.

Walkinwat attracts victims by posing as a version of a legitimate app in off label versions of Android app stores and the infected application is available on several prominent file sharing websites throughout North America and Asia. The real app, Walk and Text, is available in the Google approved app store.

Upon running the infected app, the infected user is presented with a pop-up screen that gives the appearance the app is being cracked, while instead the app is actually gathering sensitive information from the victim’s phones and sending it to an eternal server according to Ifran Asrar writing for Symantec’s Security Response blog.

According to Asrar the malware also sends the following text message to all of the contacts in the infected user’s contact list:

“Hey, just downlaoded a pirated app off the internet, Walk and Text for Android I’m stupid and cheap, it costed only 1 buck. Don’t steal like I did!(sic)”

The app concludes with a similar message to the user instructing them to check their phone bill and offering them the option of buying the legitimate app from the App Store.

“Although this isn’t the first case of disciplinary justice being used as means to send a message against piracy, this is the first of its kind discovered on the mobile landscape,” writes Asrar.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: