By Ryan Cloutier, Contributor
New among the rapidly growing mobile malware landscape is Android.walkinwat; however, instead of the usual black hat aims of normal malware this version seeks to deter victims from downloading pirated software.
Walkinwat attracts victims by posing as a version of a legitimate app in off label versions of Android app stores and the infected application is available on several prominent file sharing websites throughout North America and Asia. The real app, Walk and Text, is available in the Google approved app store.
Upon running the infected app, the infected user is presented with a pop-up screen that gives the appearance the app is being cracked, while instead the app is actually gathering sensitive information from the victim’s phones and sending it to an eternal server according to Ifran Asrar writing for Symantec’s Security Response blog.
According to Asrar the malware also sends the following text message to all of the contacts in the infected user’s contact list:
“Hey, just downlaoded a pirated app off the internet, Walk and Text for Android I’m stupid and cheap, it costed only 1 buck. Don’t steal like I did!(sic)”
The app concludes with a similar message to the user instructing them to check their phone bill and offering them the option of buying the legitimate app from the App Store.
“Although this isn’t the first case of disciplinary justice being used as means to send a message against piracy, this is the first of its kind discovered on the mobile landscape,” writes Asrar.
Former Intelligence CIO New BofA CISO
In an interview with Information Security Media Group last summer (Is Infosec Worker Need Underestimated?), Gorman addressed the struggles businesses and governments face in finding IT security professionals to safeguard their organizations' digital ...
Posted by InfoSec News on Mar 30http://www.kpsplocal2.com/news/local/story/Thief-Gets-Away-with-Eisenhower-Medical-Center/iHz9UARsj02KcejAkj2inA.cspx
Posted by InfoSec News on Mar 30http://www.kjonline.com/news/hackers-breach-banks-online-system_2011-03-30.html
Posted by InfoSec News on Mar 30http://www.computerworld.com/s/article/9215360/Comodo_hacker_claims_another_certificate_authority
Posted by InfoSec News on Mar 30http://news.xinhuanet.com/english2010/china/2011-03/31/c_13806104.htm
Posted by InfoSec News on Mar 30http://www.wired.com/threatlevel/2011/03/nsa-investigates-nasdaq-hack/
Posted by InfoSec News on Mar 30http://www.bankinfosecurity.com/articles.php?art_id=3479
Posted by InfoSec News on Mar 30Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>