Symantec says it has discovered the first threat in the wild for the Android mobile platform – Android.Walkinwat which attempts to discipline users that download files illegally from unauthorised sites.
Presented as a non-existent version (V 1.3.7) of Walk and Text, an application that is available on the Android market, Android.Walkinwat can be found on several renowned file sharing websites throughout North America and Asia. One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximise the download prevalence and convey their message to as large an audience as possible.
On running the app, the user is presented with a dialog box that gives the appearance that the app is in the process of being compromised or cracked when, in fact, the app is gathering and attempting to send back sensitive data (name, phone number, IMEI information etc) to an external server.
Additionally, the app sends out the following SMS messages to all the contacts in the contact list: "Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. I'm stupid and cheap, it costed only 1 buck. Don't steal like I did!"
Interestingly enough, the Trojan performs the above set of actions in a routine of Android.Walkinwat called “LicenseCheck”, something traditionally used by legitimate apps for licence management in conjunction with a Licensing Verification Library available for the Android platform to help prevent piracy. The authors of the malicious code have taken an extra step to make sure that their app was obfuscated, which is another recommended measure to prevent piracy.
The app concludes with a final message to the user, reminding them to check their phone bill, as well as providing an option of buying the legitimate version of the app from the Android App market.
Although this isn’t the first case of disciplinary justice being used as means to send a message against piracy, Symantec says, this is the first of its kind discovered on the mobile landscape.