Hacktivists release malicious Android game app
A malicious Android app masquerading as a dogfighting game is the second of its type using the Google mobile platform to chastise users of the mobile apps.
The Dog Wars mobile game for the Android operating system has generated opposition from animal lovers, and someone has done something about it. Symantec has found a malicious (or not, depending on your point of view) app, masquerading as a version of the game, that sends embarrassing text messages from the user’s phone.
“It’s public shaming,” said Kevin Haley, a director of Symantec Security Response. He described the malware, named Android.Dogowar, as “more clever than sophisticated. In the old days they used to put people in the stocks. Now somebody is using an Android app for it.”
The malware has been given a low threat level and only a handful of infections have been found in the wild, but it is the second piece of hacktivist code for Android discovered by Symantec. The first, a phony version of a different application, chides users for downloading what appears to be pirated software.
Dog Wars is a violent computer game being developed for Android that gives players the chance to “feed, water, train and FIGHT your virtual dog against other player's.” Material for an apparently legitimate beta version of the game includes the admonition, “If you have a bug up your b*tt about the game concept, remember: It is just A VIDEO GAME.”
Researchers found Trojan code inside an older beta version of the game that is being distributed on a few free software download sites rather than in the Android marketplace. The display icon of the Trojanized version is identical to the real one, except the word “BETA” has been replaced by “PETA,” as in People for the Ethical Treatment of Animals, a well-known animal rights group.
Haley said there is no indication that PETA has anything to do with the malware.
Once started, the app sends text messages to numbers in the user’s address book saying, “I take pleasure in hurting small animals, just thought you should know that.” It also sends a text to a number that signs the user up for a text-alert service operated by PETA.
The developers of Dog Wars advertise it as “A game that will never be in the iPhone app store,” and apparently that goes for the malware as well.
“I’m not aware of anything that has been done like this for the iPhone,” which more tightly controls the market for third-party applications, Haley said.
The other Trojan of this kind was a phony version of the Android Walk and Text application distributed through software download sites. It sends out the text message, “Hey, just downloaded (sic) a pirated App of the Internet, Walk and Text for Android. Im (sic) stupid and cheap, it costed (sic) only 1 buck. Don’t steal like I did!”
It then displays for the user a notice that the app is unlicensed, along with the message, “We really hope you learned something from this,” with a warning to check the phone bill and offering a link to buy the legitimate app in the Android market.
Haley hesitated to call two instances of hacktivist malware a trend, but said, “I wouldn’t be surprised if we see more of this.” With smart phones and mobile computers becoming more common and more widely used in the enterprise, threats targeting them are becoming more common. “You have to be careful in the world of mobile apps, especially in the Android space,” he said. He warned that when going to free download sites, “you get what you pay for.”
And sometimes you get something more.