If you have an Android app and want to download a free version of a paid app, don't do it.
Security firm Symantec recently said a fake Google Android app, advertised as a free version of a paid app, is making the rounds and victimizing unsuspecting users. The app steals data from the user and, worse yet, sends the user's SMS contacts an embarrassing message.
"Hey, just downlaoded [sic] a pirated App off the Internet. Walk and Text for Android. Im [sic] stupid and cheap, it costed [sic] only 1 buck. Don't steal like I did!" the message reads.
The app, Symantec says, is the first it has discovered that actually tries to discipline the pirate who has downloaded it. It is a version of Walk and Text, an app available for $1.53 that uses the user's camera phone to show them what is in front of them as they text. The Trojan app is available on file-sharing sites and not the official Marketplace.
The fake app can be downloaded under the name Android.Walkinwat. Once it's downloaded and running, the user is presented with a dialog box that gives the appearance that the app is in the process of being compromised or cracked. In reality, however, it's gathering sensitive data and sending it to an external server. It does so through a process called LicenseCheck, which is a legitimate process real apps use to verify their apps for privacy purposes.
Finally, along with the text message, the app displays a message to the user saying, "We really hope you learned something from this. Check your phone bill;) Oh and don't forget to buy the App from the Market."
Symantec has a number of theories as to whether the person responsible for the malware is actually the developer behind Walk and Text.
"One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximize the download prevalence and convey their message to as large an audience as possible, however one could also make the case the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text," Irfan Asrar, a Symantec employee, said in a blog post.