Bogus Angry Birds Apps on the Google Marketplace
Bogus Angry Birds Apps on the Google Marketplace are being used to distribute Malware. Andrew Brandt, lead threat research analyst at Webroot, had this to say about the code dubbed “Plankton”
[quote]It has the ability to remotely access a command-and-control [C&C] server for instructions, and upload additional payloads. It uses a very stealthy method to push any malware it wants to phone.[/quote]
The code was first found by Xuxian Jiang, who is the Assistant Professor in Computer Science at North Carolina State University. Unlike other malicious code found in the Marketplace, Plankton does not rely on getting “root” access to the device. Instead, once installed, Plankton can call in other files from a hacker-controlled server, including ones that would exploit one or more unpatched Android bugs. It also harvests data from the phone, including the bookmarks, bookmark history and home page of the device’s built-in browser.
All 10 of the apps that Google pulled after Jiang’s report purported to be add-ons or cheats for the popular mobile game “Angry Birds” from Finnish game company Rovio. None of the apps actually provided their promised functionality, however, but were simply the delivery vehicles for Plankton.
This is not the first attack code removed by Google from its Marketplace.