Written by: Valerie Ria Boquiron

In a rather unexpected turn of events, cybercriminals recently went out of their way to make a statement against piracy. While this is not the first time that cybercriminals have targeted copyright violators, the malware in this attack differs from the usual Android Trojans we have been seeing lately. Unfortunately, this Trojan also does more than make a statement against piracy.

How does the malware arrive on the users' Android smartphone?

The Trojan, detected as ANDROIDOS_WALKINWAT.A, may be downloaded from third-party Android app markets. It specifically targets users downloading pirated apps instead of purchasing legitimate ones from the Android Market. To trick users, the Trojan poses as an updated version of Walk and Text, a legitimate app that allows users to text while keeping an eye on where they are going using their smartphones' camera.

What happens when the malware is installed into an Android smartphone?

Upon installation, it displays a window informing the user that the cracking process is ongoing. What the user does not see, however, is that the Trojan is already gathering the following sensitive information from the smartphone:
  • Name
  • Phone number
  • International Mobile Equipment Identity (IMEI) number
  • Geographical location based on Google Maps
  • Phone model
  • Phone brand
  • OS version
The Trojan then sends all of the information it gathers to http://{BLOCKED}orateapps.com/wat.php. Afterward, it sends text messages to all of the user's contacts, informing them about the pirated app. Finally, it displays a message box reminding the user to only buy legitimate apps next time.
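The behaviors described above each depend on permissions an app must declare before it is installed, which gives defenders a pre-install triage signal. The following is an added example, not code from the original article or from Trend Micro: it assumes the manifest has already been decoded to text XML (for instance with apktool), and the behavior-to-permission mapping, package names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the article): behavior -> permissions that enable it.
BEHAVIOUR_PERMS = {
    "read IMEI and phone number": {P + "READ_PHONE_STATE"},
    "read location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "read contacts": {P + "READ_CONTACTS"},
    "send SMS": {P + "SEND_SMS"},
    "upload data": {P + "INTERNET"},
}
# Combination matching the article's behavior: message every contact and report home.
SPAM_AND_EXFIL = {"read contacts", "send SMS", "upload data"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml):
    """Map declared permissions to behaviors and flag the risky combination."""
    perms = requested_permissions(manifest_xml)
    behaviours = {b: sorted(perms & need)
                  for b, need in BEHAVIOUR_PERMS.items() if perms & need}
    return {"behaviours": behaviours, "flag": SPAM_AND_EXFIL <= set(behaviours)}

def _manifest(package, perms):
    # Build a constructed manifest for the demo below.
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed samples with hypothetical package names, not real app manifests.
SUSPECT = _manifest("com.example.cracked",
                    ["READ_PHONE_STATE", "ACCESS_FINE_LOCATION",
                     "READ_CONTACTS", "SEND_SMS", "INTERNET"])
BENIGN = _manifest("com.example.camnotes", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        result = triage(xml)
        print(name, "FLAG" if result["flag"] else "ok", sorted(result["behaviours"]))
```

A flagged combination is only a reason to look closer, since legitimate messaging apps request the same permissions; the useful question is whether the app's stated purpose explains them.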

How does this malware affect users?

This Trojan was primarily designed to fool users into thinking that they are downloading an actual cracked version of a legitimate app when they are not. Its creators aim to steal information from users, which they sell to interested parties or use for their own nefarious purposes.

What makes this threat noteworthy?

As previously mentioned, this is not the first time cybercriminals have taken on the role of Internet police. In the past, we saw FAKEAV-like adware that confronted users about their piracy-related activities and even offered help with legal settlements. Spammers have likewise sent out email messages warning users against their illegal activities.

This Trojan can thus be considered a more modern version of these old threats. As users shift from using desktop PCs to mobile devices, cybercriminals are seemingly shifting their attention to smartphones and other mobile devices.

What are the implications of mobile app piracy?

Apart from the fact that piracy is illegal because it infringes on copyright, it also opens doors of opportunity for cybercriminals. Pirated or cracked versions of legitimate apps are easily accessible on many file-sharing sites and unofficial app stores. Many apps have also been known to leverage vulnerabilities that surface soon after a mobile device has been jailbroken.

Are Trend Micro product users protected from this threat?

Yes. Trend Micro Mobile Security for Android™ protects smartphones and other mobile devices running on the Android OS by preventing the download of fraudulent or malicious apps.

What can users do to prevent this malware from affecting their devices?

The easiest way to avoid becoming a victim of malware such as ANDROIDOS_WALKINWAT.A is to stay away from pirated apps. Purchasing apps from legitimate sites like the Android Market may cost money, but doing so can save users from losing more in the long run. Stolen information is valuable in the cybercrime underground and is definitely worth a lot more than what most apps cost.

Expert Insights

"We should treat this as a lesson for users that pirated apps may lead to unwanted consequences. The message sent to the users’ contacts actually has a point. The app only costs a little more than US$1 and yet people still want to get it for free. Now, they are being charged a lot more because of all the SMSs the app sent. It also cost them sensitive device information. Moreover, app makers will lose money if people continue pirating their software and this may discourage them from making more, which may eventually affect users." —Karl Dominguez, Trend Micro Threat Response Engineer