Android.Walkinwat is the first mobile phone threat that slaps the wrists of users who illegally download files from unauthorised sites.
The app is disguised as a non-existent version of Walk and Text, an app legally available on the Android Market for a small cost. But the app can also be found on several file sharing websites for free.
"One could make the case that this app was intentionally spread by the creators of the threat in order to maximise the download prevalence and convey their message to as large an audience as possible, however one could also make the case the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text,” said security firm Symantec.
When users run the illegally downloaded app they are presented with a dialog box that makes it look like the app is in the process of being compromised or cracked. But it’s not; the app is actually gathering and attempting to send back sensitive data to an external server. Personal details the app is looking for include the user’s name, phone number and IMEI information.
But that’s not all the app does. It also makes an example of the user by sending out an SMS message to all contacts in the contact list. The message reads, "Hey, just downloaded a pirated app off the internet, Walk and Text for Android. I’m stupid and cheap, it cost only 1 buck. Don’t steal like I did!”
The app’s work to serve justice finishes with a final message to the user, reminding them to check their phone bill. It also offers a final option of buying the legitimate version of the app from the Android market. "Although this isn’t the first case of disciplinary justice being used as means to send a message against piracy, this is the first of its kind discovered on the mobile landscape,” added Symantec.