Android malware poses as Angry Birds Space game

Angry Birds SpaceAndroid malware authors have seized an opportunity to infect unsuspecting smartphone users with the launch of the latest addition to the immensely popular “Angry Birds” series of games.

SophosLabs recently encountered malware-infected editions of the “Angry Birds Space” game which have been placed in unofficial Android app stores. Please note: The version of “Angry Birds Space” in the official Android market (recently renamed “Google Play”) is *not* affected.

The Trojan horse, which Sophos detects as Andr/KongFu-L, appears to be a fully-functional version of the popular smartphone game, but uses the GingerBreak exploit to gain root access to the device, and install malicious code.

The Trojan communicates with a remote website in an attempt to download and install further malware onto the compromised Android smartphone.

Sign up to our free newsletter.
Security news, advice, and tips.

Android phone with Trojan posing as Angry Birds Space

Interestingly, the malware hides its payload – in the form of two malicious ELF files – at the end of a JPG image file.

Hidden code at end of JPG file

With the malware in place, cybercriminals can now send compromised Android devices instructions to download further code or push URLs to be displayed in the smartphone’s browser.

Effectively, your Android phone is now part of a botnet, under the control of malicious hackers.

It feels like we have to keep reminding Android users to be on their guard against malware risks, and to be very careful – especially when downloading applications from unofficial Android markets.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.