Android malware poses as Angry Birds Space game

Angry Birds Space Android malware authors have seized an opportunity to infect unsuspecting smartphone users with the launch of the latest addition to the immensely popular “Angry Birds” series of games.

SophosLabs recently encountered malware-infected editions of the “Angry Birds Space” game which have been placed in unofficial Android app stores. Please note: The version of “Angry Birds Space” in the official Android market (recently renamed “Google Play”) is *not* affected.

The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code.
The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.

Android phone with Trojan posing as Angry Birds Space

Interestingly, the malware hides its payload – in the form of two malicious ELF files – at the end of a JPG image file.

Hidden code at end of JPG file

With the malware in place, cybercriminals can now send compromised Android devices instructions to download further code or push URLs to be displayed in the smartphone’s browser.

Effectively, your Android phone is now part of a botnet, under the control of malicious hackers.

It feels like we have to keep reminding Android users to be on their guard against malware risks, and to be very careful – especially when downloading applications from unofficial Android markets.

Source: Android malware poses as Angry Birds Space game


Posted in Naked Security, English-Italian Translations and tagged , , , by with no comments yet.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>