Unscrupulous developers are once again using the popularity of Rovio’s Angry Birds games to spread malware. Antivirus company SophosLabs has discovered a trojan called Andr/KongFu-L that hides inside a fully functional, pirated version of Angry Birds Space. The company has found the malware in several third-party Android app stores, but the official version of the game in Google Play is not affected.
Once installed, Andr/KongFu-L uses an exploit in the Android 2.3 operating system to gain root access, allowing the trojan to download more malware and hijack the smartphone’s browser. According to SophosLabs, smartphones infected with the Andr/KongFu-L trojan are “effectively… now part of a botnet, under the control of malicious hackers.”
In the past, malicious apps have generally been used to defraud users through unauthorized charges on their phone bills, but botnets — networks of infected computers — can be used for much more unscrupulous purposes, including click fraud, identity theft, spamming or conducting distributed denial of service attacks. In December, South Korean information security company AhnLab discovered malicious code named Geinimi in a Chinese third-party app store attempting to set up a botnet similar to the one Andr/KongFu-L is creating.
If a smartphone does become part of a botnet, the botnet’s owner can control every function on the infected phone including call monitoring, voice and information capture and the ability to download and install software.
Andr/KongFu-L is not the first piece of malware to piggyback off Rovio’s mega-hit franchise. In December, Google was forced to remove 22 apps from its official app store — some of which pretended to be free versions of Angry Birds — as part of the RuFraud mobile attack.