According to security firm Symantec, an Android app that found itself in the hands of Chinese hackers is hijacking infected smartphones and charging clueless owners. The free app is called Steamy Window, which was modified with a backdoor Trojan added to its code. It was then rereleased to unapproved third-party app vendors, where it’s been picked up by Android owners and since then wreaking havoc on their texting bills.
The original Steamy Windows app, which is free in the legitimate Android marketplace, is nothing more than a phone functionality game. It appears to cover your screen in steam that you can “wipe off” with the touch of a finger. The malware-infected version, Symantec notes, will ask users for significantly more permissions during installation.
Symantec principle security response manager Vikram Thakur says this isn’t an unsophisticated operation either. “This one stands out,” he tells Computer World. “It’s pretty comprehensive in what it’s doing.” Thakur says the app is capable of installing various applications as well as hijacking a user’s browser and texting client. Sending the discreet texts is how the hackers are simultaneously profiting and running unsuspecting users’ bills up. According to Thakur, it continuously sends SMS texts and also prevents users from knowing they’ve run over their allotted text amount. Android.Pjapps (as it’s been labeled) can also block texts, so any queries from contacts you’re spamming could be deleted without you being any the wiser.
This very well could only be the beginning for mobile malware of this nature. The code is apparently easy to tack onto to other apps, and according to Thakur this type of app hack “seems to be ramping up” over the last several months. Of course, he points out that Android is particularly susceptible to this type of activity since phone owners can access and use apps from outside app stores.