Trojan Hides In Angry Birds Game

Malware authors are using the popularity of the Angry Birds series of games as a way to infect the smartphones of users who download the exploit from unofficial Android app stores, according to a security software firm.

In a 12 April post on SophosLabs’ NakedSecurity blog, Graham Cluley said the Trojan horse masquerades itself as the Angry Birds Space game. When downloaded, the malware installs its malicious code onto the device.

Malicious code

“The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code,” Cluley wrote. “The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.”

Andr/KongFu-L is a known Android Trojan.

Once the malware is installed and the Android device compromised, cyber-criminals can then send instructions that will lead to more malicious code being downloaded or URLs to be displayed in the smartphone’s browser, he wrote.

“Effectively, your Android phone is now part of a botnet, under the control of malicious hackers,” Cluley wrote.

The Trojan that pretends to be the Angry Birds Space game from Rovio can be downloaded from third-party unofficial Android app stores, though SophosLabs did not name any of those stores. Cluley said the version of Angry Birds Space in the Google Play, Google’s official apps store – formerly called Android Market – is not affected by the malware.

Rovio also posted a warning on its website about malware-infested versions of the game: “As you get ready to pop pigs in zero gravity, watch out for fake versions of Angry Birds Space, and make sure to download safe by getting the official game from Rovio.”

Increased risk

As smartphones increase in popularity with both enterprise users and consumers, they’re also becoming a growing target of cyber-criminals. According to a report released in February by Juniper Networks, malware specifically targeted at mobile operating systems more than doubled in 2011, growing by 155 percent across all platforms – including Apple’s iOS, Google’s Android, Research In Motion’s BlackBerry and Nokia’s Symbian.

Android saw the biggest leap in malware incidents, according to the Juniper report. Malware targeting Android grew 3,325 percent in the last seven months of 2011, and Android malware accounted for 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition.

According to Juniper, Android’s diverse and open marketplace – where developers can post their apps – and the platform’s growing market share made it an attractive target for cyber-criminals. It has almost half of the mobile operating system market, according to analysts.

“Hackers are incented to target Android, because there are simply more Android devices as compared to the competition,” Daniel Hoffman, chief mobile security evangelist at Juniper, said when his company’s report was released.

Hoffman said Google’s “Bouncer” service, which scans apps in the official Android market place and removes offenders, is making it more difficult for scammers to upload malicious apps. Bouncer, which began operating in the second half of the year, will “certainly help” reduce infection rates from downloads on the official market of known threats, he said.

Sophos’ Cluley said users of Android-based mobile devices need to take care when they decide to download an app.

“It feels like we have to keep reminding Android users to be on their guard against malware risks, and to be very careful – especially when downloading applications from unofficial Android markets,” he said.

How well do you know Internet security? Try our quiz and find out!

Jeffrey Burt

Jeffrey Burt is a senior editor for eWEEK and contributor to TechWeekEurope

View Comments

  • I'm sorry, but if you download games from unofficial sources you are asking for trouble. You would think this is plain common sense!

    And why would anybody download what is a free game from non-official sources!

    • I guess the main reason I could see someone using an alternate source is when your device is locked to your provider's "market" and not the actual Google Market. Or, a Kindle Fire user locked to the Amazon Market that gets charged 2.99 for Angry Birds Space because the free version is deliberately disabled for the Fire even though the Google Play version works on it flawlessly -- provided you have the tools to sideload it instead of using a 3rd Party Appstore.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

40 mins ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

18 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

20 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

21 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 hours ago