An older version of a controversial Android app called "Dog Wars" has been modified to include a Trojan horse that takes actions without the device owner knowing it, according to security firm Symantec.
The app sends a text message to everyone in the contact list that says, "I take pleasure in hurting small animals, just thought you should know that," and signs United States-based devices up for a text alert service operated by People for the Ethical Treatment of Animals (PETA), Irfan Asrar wrote in a post on the Symantec blog.
"We have no reason to believe that PETA had anything to do with this app, and that it is most likely the work of someone attempting to associate the app with PETA," he writes.
A PETA representative provided this statement when asked for comment: "We don't know who created this version of the app, but we think it is ingenious. When someone creates a game that glorifies animal abuse, you can bet that people will come up with clever, smart ways to take action against it."
The malware, which Symantec is calling "Android.Dogowar," was found in an older version of the Dog Wars app, Beta 0.981. It is not on the Android Market but can be found on so-called "warez" sites, where pirated software is exchanged for free, Symantec said.
Following a public outcry, the makers of Dog Wars changed the name of a later version of the app made by Kage Games to KG Dogfighting, and PETAthat offers information about combating cruelty to animals. Now someone has taken it a step further and targeted phones that have the early version of the app installed.
"Agreement by the user to grant the permissions requested by the app (which will include SMS permission) will allow for the app to be installed. Upon installation, the display icon of the legitimate app looks almost identical to that of the app that has been bundled with the Trojan (on devices with a screen size of 3 - 3.5 inches)," the Symantec blog post says. "In fact, they looked so similar, we almost failed to spot this one difference several times; but closer inspection into the icon of the app containing the Trojan revealed that it actually says 'PETA' rather than 'BETA' in the app icon."
The Trojan code is injected into the device as a package called "Dogbiet," and once the compromised device starts up, a service called "Rabies" in the background sends the text messages out and sends an SMS message to "73822" with the word "text," thus initiating the PETA alert service, according to Symantec.