Two recent incidents illustrate this new trend of using malware to make political statements, Haley, who is director of Symantec Security Response, told Infosecurity.
The first malware incident happened in March this year when activists used a bogus Android application to send a message about pirated software. The trojan was installed on a version of the Android “Walk and Text” application, which cost $1.50 from the Android marketplace. The legitimate application turns on the phone’s camera while the person is writing a text message, so that the person could see where he or she is walking while typing the message.
A version of the application with a trojan was made available on warez sites, where applications can be downloaded for free. “When they downloaded this particular version, a text message was sent to all their contacts implying that they had stolen software. It is something of a new development in the Android mobile phone space, where these trojans are being used, not to steal anything, but to shame people”, observed Haley.
The second malware incident, which occurred this month, involved the dog-fighting game application called “Dog Wars” for Android phones.
“Someone has taken a version of this game [Beta 0.981] and inserted their own code, a classic trojan, and made it available on sites were mobile phone apps can be downloaded – not in the Android marketplace but in software sites called warez sites that have software that can be downloaded for free”, explained Haley.
“This is a classic trojan in the sense that inside the app there is a ‘surprise’, something you didn’t expect. You can go back to when the Greeks hid soldiers in the horse for a model”, Haley quipped.
Using software packages and services named “Dogbite” and “Rabies,” the bogus application, called Android.Dogowar, sends out the following text message to everyone on the contact lists of the person who downloaded the app: “I take pleasure in hurting small animals, just thought you should know that.” The malware then attempts to register the compromised device for a text message alert service operated by People for the Ethical Treatment of Animals (PETA), Symantec noted.
Haley stressed that as far as Symantec is aware the hacker has no connection with PETA. “Typically, if you were going to do something like this, you wouldn’t put your name all over it.” The bogus app has the word “PETA” on the screen in place of the word “BETA” on the original app.
In a blog post, Symantec researcher Irfan Asrar said that the malware was “most likely the work of someone attempting to associate the app with PETA or to gain sympathy by the association.”