"INCA Internet Emergency Response Team collects new foreign malicious files everyday.
As a result those files are enough to respond as a large quantity is steadily increasing."
In case of Angry Bird, booming in in the domestic game for many users, unlocking programs are sharing on the Internet community.
Therefore users playing Angary Bird need caution to avoid being infected.
* What is Angry Birds?
Angry Birds is a puzzle video game developed by Finland-based Rovio Mobile. Inspired primarily by a sketch of stylized wingless birds, the game was first released for Apple's iOS in December 2009.
Since that time, over 12 million copies of the game have been purchased from Apple's App Store, which has prompted the company to design versions for other touchscreen-based smartphones, such as those using the Android operating system, among others.
In case of SK Telecom, leading mobile telecom operator, they made a contract with Rovio Mobile and announced to provide all series including Angry Bird, Angry Bird Season, Angry Bird RIO. LG also outspreads various marketing with using Angry Bird.
Recently malicious files disguised as an Android game are continuously being discovered like below, so it is time to grow security awareness of malicious files. Not only for computers, but for Android smartphones
2. Spreading path and symptoms of infection
* Malicious file masqueraded as an Angry Bird Rio Unlock file
Detected malicious file at this time is masqueraded as an Angry Birds Rio Unlocker file. The following image is installation process.
When the installation is complete, an icon is generated, but trying to execute this app you can see “Game not found”.
Malicious file works malicious behavior while unlock functions are activating in the background, stealing information like Device ID, SDK version information and attempt to send to the Remote Server, and recognized as having an ability to install other malicious applications. Our precision analysis is underway.
Because unlock function can be performed normally, it is hard to recognize sneaking malicious behavior for general user. This following image shows real screen on game after being performed Unlocker function, and we can see that the locked area has been unveiled.
nProtect Mobile for ANDROID products detected as Trojan-Spy/Android.FakeABRUnlocker.A. In addition, we also found other variant malicious sample and can be detected Trojan-Spy/Android.FakeABRUnlocker.A.
3. How to prevent
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.