Malware found in Pirated Android App
Malware and viruses on mobile phones are nothing new. Any old Symbian user from the Nokia 6600 era will have his share of stories of battling viruses and other malicious software that plagued Symbian. Even the iPhone has had similar issues in the past, so it was only a matter of time before the problem spread to Android too.
What we have here is a trojan called Android.PJapps, which resides in a modified version of the Steamy Window app. It signs you up for premium services, sends texts to them and blocks incoming texts from that service. Users will have no idea texts are being sent from their phones, and since incoming texts are blocked, they won't realise something's wrong. The only way to really know is when you get the monthly bill, which will probably be in the four figures or more. The good thing is that Google was very quick in responding to this: using the kill switch feature implemented in all Android phones, they have remotely wiped out the application.
I’ve always been a skeptic of anti-virus applications for cellphones; I’ve never had one on my phone. But considering it was Symantec that discovered this malware, it really makes you think twice about such a stance. Are we moving towards a time where anti-virus apps come as default on cellphones?
There are a number of things that can be concluded from this. Users should be careful about what they install on their phones. The only reason a virus can affect your phone is your own ignorance. The Steamy Window app that was infected was not the one on the Android Market, but one found on some other random site, and needless to say downloading it was inviting trouble. Always read the permissions page that appears before the app installs itself. If Steamy Window is asking for SMS permission, you know something’s not right. Download apps from trusted sources and avoid cracked apps. If there’s an app that costs money, it’s probably because it’s worth it.
There’s a lesson for carriers here as well. Google patches these security holes with frequent updates, and seeing how broken the system of forwarding updates from carriers to end users is, Google would do well to tighten the screws in this regard.
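The permission check recommended above can be automated by comparing a sideloaded copy of an app against the copy from the trusted store. The following is an added example, not code from Symantec or Google; it assumes each APK's permissions have already been listed with `aapt dump permissions`, and the package name and permission lists are constructed sample data, not the real app's.

```python
import re

# Permissions that let an app send texts or intercept incoming ones.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
}

# Accepts both line styles aapt has used (assumed input format):
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(aapt_output):
    """Return the set of permission names found in aapt's text output."""
    perms = set()
    for line in aapt_output.splitlines():
        match = _PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def review_repackaged(trusted_output, candidate_output):
    """Report permissions the candidate requests that the trusted copy does not."""
    added = parse_permissions(candidate_output) - parse_permissions(trusted_output)
    sms_added = added & SMS_PERMISSIONS
    return {
        "added": sorted(added),
        "sms_added": sorted(sms_added),
        "suspicious": bool(sms_added),
    }

# Constructed sample data for a hypothetical wallpaper-style app.
TRUSTED = """package: com.example.wallpaper
uses-permission: name='android.permission.WAKE_LOCK'
"""
CANDIDATE = """package: com.example.wallpaper
uses-permission: android.permission.WAKE_LOCK
uses-permission: android.permission.SEND_SMS
uses-permission: android.permission.RECEIVE_SMS
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    print(review_repackaged(TRUSTED, CANDIDATE))
```

Any SMS permission that appears only in the sideloaded copy is the same warning sign the install-time permissions page would show.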