Android Malware Hides in Angry Birds Space

Angry Birds is one of the most well known games in the world and its most recent version, Angry Birds Space, which launched on 22 March, was downloaded 10 million times in just three days. However, a malicious version of the game has been discovered, putting smartphones and tablets at risk.

According to NakedSecurity, SophosLabs has discovered malware infected editions of "Angry Birds Space" on unofficial Android app stores. They have detected a trojan, which has been identified as Andr/KongFu-L.

The bug appears to be a fully-functional edition of the well-liked game but uses the GingerBreak program to grant itself root access to the smartphone and then installs malicious codes.

Sophos has found that the malware hides its payload in the form of two ELF files, which are found at the end of a JPEG file. If the app gains root access, then it is easy to install extra software without providing any further notification to the users.

The trojan will communicate with a remote website in an attempt to download and then install further malware onto the compromised Android device.

"Effectively, one's Android smartphone is now a part of a botnet, which is under control of hackers," said Graham Cluley, a senior technology consultant at Sophos, who also said: "It feels like we have to keep reminding Android users to be on their guard against malware risks and to be very careful when downloading applications from unauthorized Android markets."

Meanwhile, according to NakedSecurity, the malware will allow the hackers to push certain URLs to the Android smartphone's browser, meaning the user will no longer be able to control his/her device.

On 12 April, Rovio's blog cautioned gamers to watch out for fake versions of Angry Birds Space and to download the game only from Rovio's website or from the Android Market, in order to avoid fake programs and harmful attacks aimed at tampering with their devices. Moreover, the users should read the reviews of the app as well as permissions before downloading.

Earlier this week, research from Trend Micro revealed that Android was the least secure of the top four mobile phone operating system, with the ability to install apps from anywhere pinpointed as one of its critical flaws.