Hacked Android app calls premium rate numbers

ANDROID APP Steamy Windows has been hacked and turned into malware that runs up high text messaging charges on phone bills.

Insecurity firm Symantec spotted the hacked Steamy Windows Android app, which was breached by Chinese hackers. The hacked app was released with an added Android.Pjapps Trojan backdoor. That was sent to unknowing punters downloading it from unregulated third-party Android marketplaces.

Symantec claims that punters should be able to tell the difference between the legitimate Steamy Windows app and the one with the malicious code embedded in it.

"The aim of Android.Pjapps is to build a botnet controlled by a number of different Command and Control (C&C) servers," blogged Symantec employee Mario Ballano.

"Among other things, it is able to install applications, navigate to websites, add bookmarks to your browser, send text messages, and optionally block text message responses," he continued.

Symantec reckons the hacked app is designed to send texts to premium-rate phone numbers or push ad campaigns to compromised devices.

But don't worry, malware spotters. Apparently, the hacked app triggers too many permission requests on the device it's installed on and the malicious code adds even more functionality.

So for you, it's easy to spot. For the average Android punter, though, who is going to run side by side installs of legitimate and hacked apps to spot the differences? They aren't going to know what's going on until they get a massive bill from their telco operator demanding wads of cash.

Symantec obviously recommends prevention first. Don't download any apps from dodgy unregulated websites, or you can turn off installation of non Android Market apps in the Android OS. µ