Android under attack via disguised app

android-app-2 A version of the app called Walk and Text is available on the Android Market which is infected with a Trojan virus and is exploiting users. Also known as Android.Walkinwat, when run a dialog box opens up saying the app is processing on the front hand, however on the back hand the app gathers and sends data like name, phone number, IMEI number, etc. to an external source. The app also sends out the following SMS messages to all the contacts in the contact list, “Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Don’t steal like I did!” In the end it shows a message telling the users to check their phone bill and to buy the original app from the Android Market.

The app has been spreading easily as it is authenticated, well sort of. The Trojan virus performs the above actions in a routine of Android.Walkinwat called “License Check” which is usually used by legitimate apps for license management in combination with a Licensing Verification Library available for the Android platform to help prevent piracy. The authors of the malicious code have also taken a step to make sure that their app was complicated, which is another recommended measure to prevent piracy.