Hacked Steamy Window Android app racks up texting charges on users' bills
A hacked version of the Android app Steamy Window is running up text message charges on the wireless bills of unsuspecting users, according to security firm Symantec.
The Steamy Window app has been downloaded and broken into by hackers in China, who've added a virus to the source code called Android.Pjapps, then re-released on third-party Android app websites unregulated by Google, Symantec spokesman Mario Ballano said in a blog post.
"We have detected a few applications carrying Android.Pjapps code," Ballano said.
"One of these applications is Steamy Window. Similar to other compromised Android applications, it is difficult to differentiate the legitimate version from the malicious one once it is installed. However, during installation it is possible to identify the malicious version by the excessive permissions it requests."
Once the malicious version of the app is downloaded, the virus gets to work installing other applications, taking over a user's Web browser and adding bookmarks or surfing to other infected websites, as well as hijacking text messaging abilities, he said.
The app continuously sends out texts without alerting the user as to what it's doing or signaling when it has surpassed a user's limits on text messages, Ballano said.
The hacked release of Steamy Window can also block texts, so responses from those who receive a user's texts will be deleted before a user can see them, he said.
The hacking of Steamy Window isn't the first for an Android App. "Android malware is on the rise," Ballano said.
A safe and virus-free version of Steamy Window, built by the developers Swiss Codemonkeys, is available for download in the Android Marketplace.
Both the official release and the infected version of the Steamy Window app simulate a steamed screen that users can clear with the swipe of a finger.
Ballano recommended that Android users only download apps from Google's regulated Android marketplaces and that they turn on a feature in Android that prevents the installation of nonmarket applications.
"Checking user comments on the marketplace can also assist in determining if the application is safe," he said. "Lastly, always check the access permissions being requested during the installation of any Android applications. If they seem excessive for what the application is designed to do, it would be wise to stop installing the application."
-- Nathan Olivarez-Giles
Image: A screenshot comparison between the virus-free version of Steamy Window and its hacked counterpart and the different information (highlighted in a red box) the infected release asks for. Credit: Symantec