6/13/2011

[Warning] Android malicious file masquerading as an Angry Birds Rio Unlocker file identified

1. Introduction

An Android malicious file masquerading as an unlocker program for “Angry Birds Rio”, a game popular worldwide on Android smartphones, has been detected, and users should be cautious.
"INCA Internet Emergency Response Team collects new foreign malicious files every day.
As a result those files are enough to respond as a large quantity is steadily increasing."
Angry Birds is booming among many domestic game users, and unlocking programs for it are being shared in Internet communities.
Users who play Angry Birds should therefore take care to avoid infection.



* What is Angry Birds?

Angry Birds is a puzzle video game developed by Finland-based Rovio Mobile. Inspired primarily by a sketch of stylized wingless birds, the game was first released for Apple's iOS in December 2009.

Since that time, over 12 million copies of the game have been purchased from Apple's App Store, which has prompted the company to design versions for other touchscreen-based smartphones, such as those using the Android operating system, among others.

SK Telecom, a leading mobile telecom operator, made a contract with Rovio Mobile and announced that it would provide the whole series, including Angry Birds, Angry Birds Seasons and Angry Birds Rio. LG is also running various marketing campaigns that use Angry Birds.

Recently, malicious files disguised as Android games have been discovered continuously, as in the case below, so it is time to raise security awareness of malicious files, not only for computers but also for Android smartphones.

2. Spreading path and symptoms of infection

* Malicious file masquerading as an Angry Birds Rio Unlocker file

The malicious file detected this time masquerades as an Angry Birds Rio Unlocker file. The following image shows the installation process.




When the installation is complete, an icon is created, but if you try to run the app you see “Game not found”.


If the Angry Birds Rio game has been installed, the Unlocker function works normally.



While the unlock function is running, the malicious file carries out its malicious behavior in the background: it steals information such as the device ID and SDK version and attempts to send it to a remote server, and it appears to be able to install other malicious applications. Our detailed analysis is underway.

Because the unlock function works normally, it is hard for a general user to notice the hidden malicious behavior. The following image shows the actual game screen after the Unlocker function has run, and we can see that the locked area has been opened.


nProtect Mobile for ANDROID detects this file as Trojan-Spy/Android.FakeABRUnlocker.A. In addition, we found another variant sample, which is also detected as Trojan-Spy/Android.FakeABRUnlocker.A.
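
The behaviors described above (reading the device ID, contacting a remote server, installing other applications) usually show up as permissions requested in the app's manifest, which can be reviewed before an unlocker is run. The following Python code is an added example, not INCA Internet's analysis code; it assumes the manifest has already been decoded to text XML, and the package name, sample manifest and permission-to-behavior mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
READ_PHONE_STATE = "android.permission.READ_PHONE_STATE"
INTERNET = "android.permission.INTERNET"
INSTALL_PACKAGES = "android.permission.INSTALL_PACKAGES"

# Assumption: permissions that correspond to the behaviors in the advisory.
# The advisory itself does not list the sample's permissions.
BEHAVIOR_PERMISSIONS = {
    READ_PHONE_STATE: "can read the device ID",
    INTERNET: "can send data to a remote server",
    INSTALL_PACKAGES: "asks to install other applications",
}

# Constructed sample manifest for a hypothetical unlocker app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.unlocker">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Unlocker"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}  # skip entries with no android:name


def triage(manifest_xml):
    """Flag permissions that an unlocker has no obvious need for."""
    perms = requested_permissions(manifest_xml)
    findings = sorted((p, why) for p, why in BEHAVIOR_PERMISSIONS.items() if p in perms)
    return {
        "findings": findings,
        # Device ID access plus network access is enough to send the ID out.
        "can_exfiltrate_device_id": {READ_PHONE_STATE, INTERNET} <= perms,
        "review_before_use": bool(findings),
    }


if __name__ == "__main__":
    for permission, reason in triage(SAMPLE_MANIFEST)["findings"]:
        print(f"{permission}: {reason}")
```

A clean result from this check does not show that an app is safe; it only narrows what the app is able to do.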

3. How to prevent

To use a smartphone safely despite the security threats from such malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text messages, or e-mail from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malicious files such as the one described above through nProtect Mobile for Android, and runs a response system against various security threats.

1 comment:

  1. This was a really great read, appreciation for taking the time to put it together! Touched on some very good...