Android Apps Security Alert: Legitimate Apps being Hijacked and turned into Trojans
Mar 1, 2011 9:22 AM –
I first read the headlines on ComputerWorld that legitimate Android app Steamy Windows has been hijacked, Trojaned, placed back into third-party Android market websites (not Google’s official Market), and flagged by Symantec as malware. The Trojan named Android.Pjapps has back door capabilities by stealthy sending text messages to premium numbers racking up charges on users’ phone bills. Among other things, it is able to install applications, navigate to websites, add bookmarks to your browser, send text messages, and optionally block text message responses [from carriers warning you of account over spending]. Plus it sends sensitive information obtained from the device, including: IMEI, DeviceID, Line Number, Subscriber ID to a Chinese website. A nasty little booger, if you have this app good or bad just uninstall it! 😡
I immediately got in touch with Uwe Maurer, co-founder of uber-popular Android Market sync website AppBrain, whose app became victim of the Trojan and he was just as surprised to find of the news. He also urges the original and safe version of Steamy Windows is on Google’s official Android Market and should be downloaded there.
If you must download in sources outside of the Android Market, which is much the case for countries or devices that do not have Android Market support; then please be diligent and check the permissions requested of any app, overzealous or malware apps would ask for more permissions than needed. If you are not comfortable with them then do not download the app!