A free "malicious" Android app, in the Android Marketplace is doing the rounds on peer to peer and file sharing sites. The app "Walk and Text" allows users to see what's in front of them while texting by using the camera to create a transparent background as they text.
According to Symantec the app displays a message to tell the user that the app has been "compromised" or "cracked" and in the meantime gathers the phones username, phone number and unique identifier, and sends it to a remote server. In addition to this, it sends a text message to every contact of the victim's phone reading, spelling errors and all:
"Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck.Don't steal like I did!"
Finally, the software says to the user: "We really hope you learned something from this. Check your phone bill;) Oh and don't forget to buy the App from the Market." It includes buttons for buying the app or exiting.
Symantec has dubbed the malicious application as the Android.Walkinwat Trojan and categorised it with a 'Very Low' risk level 1.