by Al Sacco

Android Security Threat of the Week: Angry Birds?!?

Apr 18, 20122 mins
Enterprise ApplicationsMobileMobile Security

If you downloaded the latest version of Angry Birds for Android from an unofficial app store, the software could have compromised your device and granted system control to the Bad Guys, according to a security research firm.

This week’s Android security threat of note is the new version of the insanely popular Angry Birds mobile game: Angry Birds Space. However, you need not worry if you downloaded the app from Google’s official Play Store; the mad avian malware appears to be coming only from unofficial app stores, according to security researcher Sophos.


The sketchy software reportedly packs two malicious ELF files, attached to the end of a JPG image file, and it lets Bad Guys send instructions to infected devices to download more potentially-harmful code or load URLs in those smartphones’ browsers, among other things. Sophos says the Trojan basically makes your device “part of a botnet, under the control of malicious hackers.” And the game works just as it should so you might not suspect any foul play.

From Sophos:

“The Trojan horse…appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code. The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.”

This type of threat isn’t exactly new or different; malware creators have been repackaging popular apps like Angry Birds with harmful code for quite some time, and anyone who installs apps from third-party app stores should know that they’re taking a chance with every download. In fact, Android users can’t install third-party apps at all without either “rooting” their devices and/or enabling a specific system setting that warns them of the dangers of installing apps from unofficial sources.

In general, it’s wise to download Android apps only from Google’s Play Store, but if you must use a third-party you should know that you may end up paying more for that free download than the dollar or two Google’s charging in its store.

(Check out my last few Android Security Threat of the Week stories: 03.23.12; 3.15.12; and 03.02.12.)