SophosLabs recently encountered malware-infected editions of the “Angry Birds Space” game which have been placed in unofficial Android app stores.
The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code.
The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.
Interestingly, the malware hides its payload – in the form of two malicious ELF files – at the end of a JPG image file.
With the malware in place, cybercriminals can now send compromised Android devices instructions to download further code or push URLs to be displayed in the smartphone’s browser.
Effectively, your Android phone is now part of a botnet, under the control of malicious hackers.
It feels like we have to keep reminding Android users to be on their guard against malware risks, and to be very careful – especially when downloading applications from unofficial Android markets.