If you have a bad (and illegal) habit of downloading pirated or cracked apps off the net then this vigilante app is out to teach you a lesson. Say hello to the Android.Walkinwat, the first threat to be discovered on the mobile phone that aims to punish users who download apps from unauthorized sites by shaming them.
The Android.Walkinwat was carefully planted on several file-sharing sites all throughout North America and Asia, posing as a cracked version of a legitimate Android app, "Walk and Text." The original version of the app works by using your phone's camera to give you a live feed of your surroundings so you can text while you walk without worrying about bumping into any lamp posts or people while you go your merry way. It costs $1.54 in the Android market but some people are apparently too cheap to shell out the amount for an app that they might find useful or enjoy using.
Anyhow, once the user downloads and installs the Android.Walkinwat, it displays a message to the user as if it's cracking the app, when in fact it's just gathering some personal data (including the user's name, phone number, and IMEI information) to send to an external server.
Image from Symantec.
Once it's done sending, the following message pops up to greet the unpleasantly shocked user:
"We really hope you learned something from this. Check your phone bill ;) Oh and dont forget to buy the App from the Market."
That's not enough for the vigilante app, so it does one further by sending the following embarrassing text message to all of the contacts on the phone:
The Android.Walkinwat trojan performs these actions by doing a "LicenseCheck", which is what legitimate apps also conduct for license management to prevent piracy.
A blog post by company security company Avast software did a bit of digging and concluded that the data obtained by the pirated app was being sent to a URL that belonged to the chief executive of Incorporate Apps, Georgi Tanmazov. This company develops apps for the Android; among these, the legitimate version of the "Walk and Text" app. These allegations were quickly dismissed by Incorporate Apps, whose representatives posted comments in reponsed to Avast's blog.
Avast responded by editing their blog post but added evidence that links the trojan app to Incorporate Apps. The exchange has since turned into a heated argument in the comments section, which was finally closed and concluded by a comment from Vincent Steckler, the CEO of Avast. Since the blog post and the comments are too long to repeat here, you can read the entire thing for yourself: Android is calling: Walk and Text and be Malicious.
Regardless of who the people behind the Android.Walkinwat really are, one thing is certain: users who download cracked apps are no longer as safe (and anonymous) as they think. Pirates, beware!
Sources: Symantec, Los Angeles Times