Symantec Corp. said Thursday that it has detected a new kind of malware that targets Android mobile phone users who download illegal applications.
“Although this isn’t the first case of disciplinary justice being used as means to send a message against piracy, this is the first of its kind discovered on the mobile landscape,” Symantec said in a blog post.
The malicious program, known as Android.Walkinwat, appears to be a free version of Walk and Text, a legitimate Android app that costs $1.55 to download.
However, when the malicious app is run, it attempts to send sensitive information such as the user’s name and phone number to an external server, Symantec said. The program has a public shaming component as well, sending a text message to all of the phone’s contacts that reads: “Hey, just downlaoded (sic) a pirated App off the Internet, Walk and Text for Android. Im (sic) stupid and cheap, it costed (sic) only 1 buck. Don’t steal like I did!”
Then, to drive the lesson home, the user sees a screen saying “We really hope you learned something from this. Check your phone bill Oh and dont (sic) forget to buy the App from the Market.”
The Android.Walkinwat program has been circulating on well-known file-sharing Web sites in North American and Asia, Symantec said. Its creators’ identities and location are unknown.