The Latest in IT Security

Animal Rights protesters use mobile means for their message

16
Aug
2011

After a public outcry and a write-in campaign failed to convince the creators of ‘Dog Wars’ to discontinue work on their app, it appears that protester(s) have now taken to targeting the users of the app directly in order to get their message across. Symantec has discovered that a Trojan code was planted into an older version of ‘Dog Wars’ (Beta 0.981) that can still be found circulating on warez sites. This version has not been found on the official Android Market.

Agreement by the user to grant the permissions requested by the app (which will include SMS permission) will allow for the the app to be installed. Upon installation, the display icon of the legitimate app looks almost identical to that of the app that has been bundled with the Trojan (on devices with a screen size of 3 – 3.5 inches). In fact, they looked so similar, we almost failed to spot this one difference several times; but closer inspection into the icon of the app containing the Trojan revealed that it actually says ‘PETA’ rather than ‘BETA’ in the app icon.

Internally the Trojan code has been injected as a package called ‘Dogbite’. Once a compromised device starts up, a service called ‘Rabies’ is initiated in the background, which carries out the core functionality of the app.

Once started, the service proceeds to send out a text message to everyone on the contact list of the compromised device with the following message: “I take pleasure in hurting small animals, just thought you should know that”

The final action carried out by the service is to send an SMS message to “73822” with the single word “text”.

After a bit of researching, we have established that this was an attempt to sign up the compromised device (only works in the US) to a text/alert service operated by PETA. (Instructions for users to unsubscribe themselves can be found here) In spite of the fact that few clues have been left behind, we have no reason to believe that PETA had anything to do with this app, and that it is most likely the work of someone attempting to associate the app with PETA or to gain sympathy by the association.  Symantec is detecting this threat as Android.Dogowar.

Leave a reply


Categories

WEDNESDAY, OCTOBER 28, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments