Hackers distribute Trojan as iPhone game

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Penguin Panic icon

Cold-hearted hackers are taking advantage of a popular iPhone game in their attempt to infect Windows users.

Cybercriminals have resorted to spamming out emails with subject lines such as “Virtual iPhone games!”, “Take a break!”, “Apple: The most popular game!”, “Virtual iPhone toys!”, and “Beet my score! (7000 points)!”.

Attached to the emails is a file called Penguin.Panic.zip, posing as a version of the penguin-starring platform game for the Apple iPhone. In the real game, a penguin leaps from iceberg to iceberg, avoiding falling stalactites – great entertainment in the Super Mario tradition. The file attached to the email, however, is something far less fun.

Sign up to our free newsletter.
Security news, advice, and tips.

Sophos detects the enclosed file as the Troj/Agent-HNY Trojan horse. It’s important to note that this Trojan only works on Windows PCs – we haven’t seen any versions which will run on Mac OS X, Apple iPhone or other mobile devices.

Users of other vendors’ anti-virus products would be wise to check their vendor to see if a protection update is available.

Here’s a typical example of a malicious email sent as part of the campaign :

malicious iPhone email

Games, of course, are hugely popular with people young and old these days – and there is a real buzz about games on the new Apple iPhone, especially because of the new AppStore and the device’s use of an accelerometer to introduce some Nintendo-like innovative gameplay.

Hackers, it seems, are jumping on the bandwagon of the iPhone phenomenon and using it as a springboard to infect innocent users. Some people might have played Penguin Panic on their Apple iPhone or another portable device, and be keen to have it on the desktop of their Windows work PC too.

As always, you should exercise extreme caution if you receive an email like this – and never run unsolicited attachments.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.