Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
tvennon

Top Rated “Walk and Text” Application Pirated, Trojanized in 3rd Party App Stores

by Juniper Employee on ‎03-29-2011 01:07 PM

Over the last couple of days, the Juniper Global Threat Center has been analyzing and tracking more pirated applications with malicious code tucked into them, called “Pirate Text”.  Just as has been the recent trend, we’re looking at one application that has been pirated from the Android Market and is being passed around 3rd party app stores and torrents, which are peer-to-peer, file sharing resources.

 

The main application we’re looking at is currently the 14th rated Android application by “101 Best Android Apps“.  What appears to have happened is the copyright holding developer, Incorporate Apps, published a new version (1.3.6) of the “Walk and Text” application to the Android Market.  Within two hours, the new version was pirated from the Market, taken apart, had the malicious code written into the application, was re-signed with a different key, then was being distributed as an even newer version in several torrents.

 

In one particular forum that was peddling the pirated application, we even saw the Incorporate Apps post a cease and desist in the thread and go after the forum’s moderator to remove the links to the mirrors that were hosting the pirated application. During our analysis, it was obvious that the links had been removed on that particular site, but we were still able to find copies of the original application and the new malicious application from other locations.

 

The version that was pirated from the Market was version 1.3.6.  The current Market version is 1.5.3.  The version that has the malicious code is version 1.3.7.  As far as we can tell, version 1.3.7 is not an official update to the legitimate application that was pushed out from Incorporate Apps.  It looks like version 1.3.7 that exists is actually version 1.3.6 with malicious code written in and was subsequently signed with a different self-signed certificate than the one used by Incorporate Apps.  This is a good indication that someone else repackaged this application because they did not have access to the legitimate certificate from the original developer.

 

The malicious “Walk and Text v1.3.7″ application appears to function normally to the user.  However, in the background it sends an SMS message to all of the device’s contacts with the following message:

 

“Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck.Don\’t steal like I did!”


The certificate that was used to sign “Walk and Text v1.3.7″ is particularly interesting as well:

 

Cert1.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Here is an image of the certificate used to sign the legitimate application that we downloaded from the Android Market:

 

cert2.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

At this point, initial analysis indicates that the malicious “Walk and Text v1.3.7″ does not do anything other than send annoying SMS messages to the device’s contacts.  The nature of the SMS message that is sent would indicate that someone wanted to make a point that downloading pirated applications is unethical, but the method they used is just as unethical.

 

Over the past 3 months, it’s become painfully obvious that there is more danger in downloading applications from 3rd party locations than is caused by paying the nominal fee necessary to get legitimate versions legally.  For users who simply cannot force themselves to download applications from the official Android Market, new and legitimate app stores are popping up with the backing of legitimate business practices and promotions, like Amazon’s App Store for Android.

 

Though we believe the infection rate to be extremely low, Junos Pulse Mobile Security Suite users are already protected from the threat posed by “Walk and Text v1.3.7″ as of 3/29/2011.

 

Android users that are not protected by Junos Pulse Mobile Security Suite who have downloaded their version of “Walk and Text” from a 3rd party location, can check the version of their application by tapping Settings > Applications > Walk and Text.  If your version number is 1.3.7, it is highly recommended that the application be uninstalled:

 

App-Info.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Once the application has been removed, you can download and PAY for the legitimate application from the Android Market.  And, don’t forget to apologize to your friends for sending them the SMS message telling them that you were using a pirated application…

 

 

 

 

 

 

 

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Paul Bristow
Senior Director
Product Management

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Henrik Davidsson
Director
Security Sales

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.