Android Security Threat of the Week: Angry Birds?!?
If you downloaded the latest version of Angry Birds for Android from an unofficial app store, the software could have compromised your device and granted system control to the Bad Guys, according to a security research firm.
By Al Sacco
Managing Editor, CIO
This week’s Android security threat of note is the new version of the insanely popular Angry Birds mobile game: Angry Birds Space. However, you need not worry if you downloaded the app from Google’s official Play Store; the mad avian malware appears to be coming only from unofficial app stores, according to security researcher Sophos.
The sketchy software reportedly packs two malicious ELF files, attached to the end of a JPG image file, and it lets Bad Guys send instructions to infected devices to download more potentially-harmful code or load URLs in those smartphones’ browsers, among other things. Sophos says the Trojan basically makes your device “part of a botnet, under the control of malicious hackers.” And the game works just as it should so you might not suspect any foul play.
“The Trojan horse…appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code. The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.”
This type of threat isn’t exactly new or different; malware creators have been repackaging popular apps like Angry Birds with harmful code for quite some time, and anyone who installs apps from third-party app stores should know that they’re taking a chance with every download. In fact, Android users can’t install third-party apps at all without either “rooting” their devices and/or enabling a specific system setting that warns them of the dangers of installing apps from unofficial sources.
In general, it’s wise to download Android apps only from Google’s Play Store, but if you must use a third-party you should know that you may end up paying more for that free download than the dollar or two Google’s charging in its store.
Al Sacco was a journalist, blogger and editor who covers the fast-paced mobile beat for CIO.com and IDG Enterprise, with a focus on wearable tech, smartphones and tablet PCs. Al managed CIO.com writers and contributors, covered news, and shared insightful expert analysis of key industry happenings. He also wrote a wide variety of tutorials and how-tos to help readers get the most out of their gadgets, and regularly offered up recommendations on software for a number of mobile platforms. Al resides in Boston and is a passionate reader, traveler, beer lover, film buff and Red Sox fan.