Yay, more malware! This time, a trojan called Android.Pjapps is making its rounds inside of a modified version of the Steamy Window application. This cracked version of the application is reportedly available on various warez sites, but doesn’t seem to be in the Android market, thankfully.
The trojan is said to send text messages to phone numbers that will allow the recipient of that text message to add a few more dollars to your monthly bill. The trojan also blocks incoming texts from the response system so that the user is never notified that this is happening.
It’s a nasty sounding trojan that – quite honestly – has me thinking twice about my stance on mobile anti-virus solutions. (If you were wondering, my stance was that they were quite pointless.) Now, I feel like downloading one just to stay on the safe side.
The developers behind these trojans are getting more vicious with what they’re able to do, and that’s quite unsettling. Everything from my data being wired to someone’s computer to being charged $100 for something I never purchased could happen. I’m not saying it ever will happen to me – I pay close attention to what I download and am very selective about what I get and from where.
And while this trojan is only up on warez sites where pirates deserve SOME sort of “payback”, what’s keeping these developers from uploading their applications to third-party markets such as GetJar or the Android market where legitimate customers could be at risk? Google usually takes care of any highly-malicious application with a killswitch feature they’ve implemented, but that isn’t always fast enough in some cases.
We always joke about how this industry has become a lot like the war between Apple, Microsoft and Linux on PCs, with Google filling in for Microsoft for the time being. We’re usually talking about how the open strategy keeps Android’s growth spurt going, but just like the PC side of things, malware is starting to plague Android and virus protection is more necessary than it ever has been.
The only thing I can ask you guys to do is to research what you’re downloading and from who and from where. Use the Android market wherever possible and don’t put yourself in these sorts of unfavorable situations. Not pirating would also be nice. [via Android Central]
Oh come on… the security firms are trying to make a buck here. Seriously, a pirated app, downloaded from Warez site, causes you troubles…
Do you know how many steps you go through before that happens?
1. Enable side loading
2. Go to pirate site
3. Accept to give it permissions that include (Services that cost money)
4. Install it.
In other news, pirated applications for Windows and Mac can also contain malware.
It’s not that complex.
Enabling side loading is just a quick switch in the settings. After that just a google search for app .apk and install. Many people will not look at the permissions because the app is cleverly disguised or they just don’t think it will happen to them. (And it PROBABLY will not.. but.. look at the permissions anyways.)
But ya, very soon it will be time to install AVG on my device… not yet. I stick to the market myself and so far it has been as clean as a Amish porn.
“Google usually takes care of any highly-malicious application with a killswitch feature they’ve implemented, but that isn’t always fast enough in some cases.”
–
That’s why they need to test the apps FIRST and not just act after the fact because it wants to load up the market with thousands of buggy hello world apps
The developers behind these trojans are the same developers behind the antivirus products. Why do you think that the antivirus companies were here before the viruses ever occur.
I download pirated apps all the time… but I have lookout to scan them
@David 73 – “I download pirated apps all the time… but I have lookout to scan them”
You are not helping.
No antivirus is not a necessity for Android YET in my opinion.
If you steal apps, you deserve to get malware.
Or another reason why not to let services charge you through your carrier…. Who’s ever idea that was was probably the same person/people behind these malware apps.
.
And one VERY helpful preventative measure that could be put in place, is for the carriers to give you the option to BLOCK those types of service charges.
But hey, they probably don’t care, as they’re probably making something off of them too.
.
Sigh…
Smart piraters will do it through the market, then refund : )
yeah i must admit.. lookout seems to be alright. although until i come across an app with a virus ill never know if it works or not lol
@time
which is why Google changed the refund time down to 15 minutes.
If it wasn’t for piracy, I think the refund window would still be 24 hours.
I mentioned mobile antivirus apps months ago and people scoffed at the idea and quickly dismissed it. The fact is, it’ll only get worse from here and before long, even confining your downloads to the Market won’t keep you 100% safe. Think twice before downloading anything as protection is quickly becoming an important part of your mobile computing!
Wrap it before you slap it!
Sprint RULES!!! all you guys need to do is by the HTC EVO 4g, its such a bad ass phone that it doesnt get viruses! that what you all get for not having a EVO!
I guess the first question someone should ask is why a “Steamy windows app” requires SMS permissions. DUH.
-Brad
Desi: It takes 30 seconds to copy an app and refund.
How do I copy an app? I’m rooted, but I don’t know which part of my file manager I need to look through to find the apps.
Lately, I’ve been using 4shared instead, but I would like to know how to copy.
What rubbish. This is just another case of idiot users not paying attention to the permissions an app requests at install time. It is common sense, and calling malware on Android “a plague” is a gross exaggeration.
I second wanting to know how to copy apps? Any good antivirus anyone recommend?
@Brad
People hardly ever pay attention to the permissions screen, so most would get their bill before they figured out what was wrong.
“not pirating would also be nice”…. ha, that’s funny. Good one. Next you’ll probly say something dumb like we shouldn’t wear socks with velcro sandals.
For those that say “it’s just a simple thing to see what permissions the app needs”, it’s true… however, remember how the legitimate Angry Birds update required “SMS” permissions… and how many people still installed it?
As a side note, do you read every word on ever contract you sign? Do you read the long pamphlet on you medications (looks at over the counter meds, they come with a long explanation).
@Joe /data/app
What do you think is the best way to keep people from stealing apps?
When no one is guarding the chicken coop, the foxes can get in with the chickens….serves you right for settling for fake iPhones…..enjoy your malware fandroids!! Lol!
I’d like to see Google offer an additional service to developers to certify their apps. If the developer submits an application through this service it would be screen similar to the Apple screening (except optional). Certified applications would be easily identifiable in the market. Hell Google wouldn’t even have to provided the service they could just work through a third party, in fact that might even be better as it would be less biased.
In other news people who trust apps found on warez sites are also found to frequently visit the helpful people at Geek Squad to fix the oft-infected computer.
@Joe, You’ll need a rooted phone for that
@all, But we could sure use a troll filter here on Phandroid, couldn’t we.
@all who think it’s the anti-virus people writing the viruses.
1. Study the major viruses that have been written and you’ll find it’s a set of very dark minds at work, not the A-V writers.
–
Then study the history of viruses on MS-DOS, Windows, Mac (yes, Mac), Android, and other OSes. You’ll find that the anti-virus folks have arrived in Androidland precisely because they have either experienced or studied the history of black hat hackers. They may have arrived here before the bad guys, but that’s only because they’ve seen the damage elsewhere because the black hats got there first.
@all, Lastly, looking at some of the trolling posts that show up here, we could sure use a troll filter here on phandroid :-)
We could also use a troll filter
@ Keith: YES. I have been wanting this for aages. Not sure what level of quality should be required though…
Gotta love the irony of stealing an app and getting charged.
Installing Apps for the common user would so much easier to understand if they explained in more detail what an app will do with for instance: “Phone Identity” permission. Yes it can access the Phone Identity but what will it do with that information.
App stealing is a bad idea for the system, it will just discourage devs from making apps for android. Actually I guess it may just push all devs toward free apps full of ads. <-which is what I want anyway. So go ahead guys.