All about Google Chrome & Google Chrome OS

15 Apr 12 Malware Masquerading as Angry Birds Game

Malware authors are using the popularity of the Angry Birds series of games as a way to infect the smartphones of users who download the exploit from unofficial Android app stores, according to a security software firm.

In an April 12 post on SophosLabs’ NakedSecurity blog, Graham Cluley said the Trojan horse masquerades itself as the Angry Birds Space game. When downloaded, the malware installs its malicious code onto the device.

“The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code,” Cluley wrote. “The Trojan communicates with a remote Website in an attempt to download and install further malware onto the compromised Android smartphone.”

Andr/KongFu-L is a known Android Trojan.

Once the malware is installed and the Android device compromised, cyber-criminals can then send instructions that will lead to more malicious code being downloaded or URLs to be displayed in the smartphone’s browser, he wrote.

“Effectively, your Android phone is now part of a botnet, under the control of malicious hackers,” Cluley wrote.

The Trojan that pretends to be the Angry Birds Space game from Rovio can be downloaded from third-party unofficial Android app stores, though SophosLabs did not name any of those stores. Cluley said the version of Angry Birds Space in the Google Play, Google’s official apps store—formerly called Android Market—is not affected by the malware.

Rovio also posted a warning on its Website about malware-infested versions of the game: “As you get ready to pop pigs in zero gravity, watch out for fake versions of Angry Birds Space, and make sure to download safe by getting the official game from Rovio.”

As smartphones increase in popularity with both enterprise users and consumers, they’re also becoming a growing target of cyber-criminals. According to a report released in February by Juniper Networks, malware specifically targeted at mobile operating systems more than doubled in 2011, growing by 155 percent across all platforms—including Apple’s iOS, Google’s Android, Research In Motion’s BlackBerry and Nokia’s Symbian.

Android saw the biggest leap in malware incidents, according to the Juniper report. Malware targeting Android grew 3,325 percent in the last seven months of 2011, and Android malware accounted for 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition.

According to Juniper, Android’s diverse and open marketplace—where developers can post their apps—and the platform’s growing market share made it an attractive target for cyber-criminals. It has almost half of the mobile operating system market, according to analysts.

“Hackers are incented to target Android, because there are simply more Android devices as compared to the competition,” Daniel Hoffman, chief mobile security evangelist at Juniper, said when his company’s report was released.

Hoffman said Google’s “Bouncer” service, which scans apps in the official Android market place and removes offenders, is making it more difficult for scammers to upload malicious apps. Bouncer, which began operating in the second half of the year, will “certainly help” reduce infection rates from downloads on the official market of known threats, he said.

Sophos’ Cluley said users of Android-based mobile devices need to take care when they decide to download an app.

“It feels like we have to keep reminding Android users to be on their guard against malware risks, and to be very careful—especially when downloading applications from unofficial Android markets,” he said.


Article source:

Tags: , , , , ,

14 Apr 12 Fake Angry Birds Strikes Android Users With Malware

Fake Angry Birds

It’s a trap!

On Thursday, Sophos reported that a malware-packed fake version of Angry Birds Space had “been placed in unofficial Android app stores,” potentially placing millions of Android users at risk.

On Friday, Mashable reported that the malicious software masquerading as “Angry Birds Space,” the latest installment in Rovio’s uber-popular mobile game franchise, had infiltrated the Google Play app store, but that the “official version of Angry Birds Space in Google Play [was] not affected.”

The Huffington Post on Friday contacted a Google spokesman, who said that Google Play was not compromised by malware, and that Google does not control third party content, such as unofficial app stores. HuffPost found that as of press time, three versions of Angry Birds Space were available on Google Play — a free version and two premium versions. All three appeared to be official Rovio versions of the software.

Rovio posted a warning about the malicious imposter app on its blog Thursday, advising users to download only the official version of the game. “As you get ready to pop pigs in zero gravity, watch out for fake versions of Angry Birds Space,” it read.

According to Sophos, the phony app “appears to be a fully-functional version of the popular smartphone game,” except that it installs malicious software on Android that takes over one’s phone.

“Once it’s infiltrated your device, it then begins downloading further malware onto your phone, while enlisting it as part of a botnet,” reports Redmond Pie, which ran a story on the security threat to Android on April 6.

Angry Birds Space was downloaded 3 million times in the three days following its release on March 22, according to Rovio.

Also on HuffPost:

var coords = [-5, -72];
// display fb-bubble
FloatingPrompt.embed(this, html, undefined, ‘top’, {fp_intersects:1, timeout_remove:2000,ignore_arrow: true, width:236, add_xy:coords, class_name: ‘clear-overlay’});

Article source:

Tags: , ,

12 Apr 12 Android virus pretends to be Angry Birds Space

Post Recommended

Washington Post reporters or editors recommend this comment or reader post.

Article source:


04 Apr 12 Update of Android malware uses exploit to take over

LeNa displays what looks like the official Android marketplace once it is on the device.

LeNa displays what looks like the official Android marketplace once it is on the device.



A new variant of a piece of
Android malware dubbed LeNa (Legacy Native) has been modified so that it does not require user interaction to take control of a device, mobile security firm Lookout said today.

LeNa has been seen on alternative Android markets and not Google Play, so its spread will be limited to people who risk those exchanges, particularly Chinese users, Lookout said in a blog post. The malware masquerades as a legitimate app, and the latest version can appear as a fully functional copy of the recently released Angry Birds Space, among other apps.

The original version of LeNa relied on the “SU” utility, which is used by people who have rooted their Android phones to grant super user privileges to apps that request them, which meant that only people who had rooted their devices were at risk, according to Lookout, which protects users against the malware.

“We’ve recently identified a significant update to LeNa that uses the GingerBreak exploit to gain root permissions on a device,” said the Lookout blog post. “By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch).”

Both variants communicate with a command and control server and receive instructions to install additional software and push URLs to be displayed in the browser, specifically “com.the9.gamechannel,” a Chinese-language alternative market that publishes Android games and which was designed to mimic the official Google Play market, Lookout said.

The company advises people to be alert for unusual behaviors on their devices, such as strange charges on the bill, unusual SMS or network activity and applications that launch when the device is locked. Users should also check the permissions an app requests to make sure they match with the functionality of the app. And people should only download apps from reputable app stores and consider using services or apps that scan apps for malicious activity.

Google announced in February that it is scanning apps for malware that are available in the official Android apps market, now called Google Play.

Article source:

Tags: , , ,