Symantec is warning of a new rogue Android app that tells a user’s friends they pirated the program.
Computerworld reports that the app is a fake copy of the legitimate “Walk and Text” software, which uses the camera on a smartphone to show what’s in front of the user while they simultaneously walk and text. As the article explains:
The Trojanized version of the app includes malicious code that pilfers personal data from the phone — the phone number, the device’s unique identifier and more — and sends it to a remote anonymous server.
The app also texts an embarrassing message to each of the user’s contacts:
Hey, just downlaoded [sic] a pirated App off the Internet. Walk and Text for Android. Im [sic] stupid and cheap, it costed [sic] only 1 buck. Don’t steal like I did!
John Engles, a group product manager with Symantec’s security response team, calls the Trojan “fairly benign.” Although, it could cost the user money, depending on the number of contacts in a victimized smartphone.
When the app is run, the user gets a final message:
We really hope you learned something from this.