Codebreaker

Android app hacked

John Moe Mar 1, 2011

Seems like we’ve been hearing about the security vulnerabilities of Android apps for a while and here’s a test case. Steamy Window is a silly little app where you get a screen that looks like it has steam on it, then you can draw on it like you would a fogged up car window. The app was apparently downloaded, hacked into, a Trojan Horse installed, and then the app was rereleased onto third party Android app sites that Google doesn’t control. If you install the infected version (which of course looks exactly like the non-infected version) the app sends out hundreds of text messages from your account, installs other infected apps, and takes over your browser. The hack was reported by the security firm Symantec.

The Trojan can “install other applications, monkey with the phone’s browser bookmarks, surreptitiously navigate to Web sites and silently send text messages, said Thakur. The last is how the criminals make money. ‘The Trojan lets them send SMS [short message service] messages to premium rate numbers,’ said Thakur, for which the hackers are paid commissions.”

As a nonprofit news organization, our future depends on listeners like you who believe in the power of public service journalism.

Your investment in Marketplace helps us remain paywall-free and ensures everyone has access to trustworthy, unbiased news and information, regardless of their ability to pay.

Donate today — in any amount — to become a Marketplace Investor. Now more than ever, your commitment makes a difference.