Symantec has uncovered yet another trojan horse in a pirated Android app. This time around it's the "Android.Pjapps" trojan, and you can find it in modified versions of the Steamy Window app that have been cracked and placed on Android warez sites. The official version of Steamy Window that's on the Android Market is not infected. And it's a fun little time waster that you should probably have a look at.
What's happening from the trojan in the pirated app is a bit scary. Without your knowledge, it signs you up for premium text message services, sends off texts to them without your knowledge, and blocks incoming texts from the service so that you have no idea what is going on -- until your monthly bill from your service provider arrives. It's sneaky, and someone needs a good old-fashioned ass kicking for doing it. As we saw with other instances of malware hidden inside legitimate applications, this one originates in China, and is written by people probably a lot smarter than most of us. You're not going to be able to outwit them. Be smart -- only download apps from trustworthy sources, and read the permissions an app asks for when installing it. Or you can go a step further and install an anti-virus application.
Now that the news portion is done, I want to say that anyone stealing Android applications will eventually get what they deserve. These unofficial, unsanctioned, pirate websites hawking paid apps for free don't care about you. They just want the traffic to view their ads, or your "$10 per year for all apps for FREE ZOMG." If you visit them, and get a little more than you bargained for in the application you have stolen, make sure you only blame yourself. There are legitimate sources to download applications if you're unable to access the Android Market, and they help developers get paid what they are owed. Use them.