
Fake Flappy Bird App Planted by Hackers to Steal Photos from Device

By now, you have probably heard about the biggest digital exposure of private and very personal nude photographs of as many as 100 female celebrities, including Jenny McCarthy, Kirsten Dunst, Mary E Winstead, Oscar winner Lawrence and Kate Upton, which surfaced on the notorious bulletin board 4chan and the anonymous image board AnonIB over the weekend.

It was believed that the group of hackers allegedly took the celebrities' photos from their Apple iCloud backups after their iCloud accounts were compromised, but users of devices running Google's Android could have been targeted too.

A forum post on the anonymous image board AnonIB shows that the group of hackers may have used a cloned Flappy Bird app to steal and collect naked photos of women from their Android devices and then send them to remote servers.

Experts believe that the group may have been stealing and trading nude and very personal photos of more than 100 female celebrities for more than two years, gathered on the “stolen” forum on image board AnonIB.

The developer of the fake Flappy Bird app took advantage of users' "carelessness" in granting permissions to Android apps.

The post on a hackers' forum, written in late July this year, was discovered by security consultant Nik Cubrilovic. It detailed how the supposed developer had developed a malware-ridden “clone” of the Flappy Bird app for Android devices that would exploit app permissions granted during installation in an effort to steal the photos.

“I am a fucking genious [sic]… Hear me out. I.. modded… the app,” the developer explained in the post. “It now secretly downloads all of the phones pictures to my server when the game is running. Note: this app will only work for android,” he added.

The developer wanted to release a copy of the cloned Flappy Bird app on Google’s Play Store, but he didn’t want to risk his developer license, as the app violates Google Play’s terms. To solve the problem, he was searching for a second developer account, specifically created for the purpose of stealing pictures from infected Android devices.

He also asked for financial support from his fellow anons in order to make a second Google Play developer account and promised to “post any wins [stolen photos] obtained in this thread.” A new developer licence costs $20.

The whole scheme relies on users' negligence in checking the permissions they grant to mobile apps, often without even realizing that an app is asking for access to the photographs stored on their device. It is extremely fishy, but many of you don’t even pay attention to these details and accept those permissions blindly.

Flappy Bird, developed by 29-year-old Dong Nguyen, was one of the top free gaming apps on Google’s Play Store. But after the developer of Flappy Bird pulled the gaming app from both the Apple and Google app stores, dozens and dozens of Flappy Bird clones were created, many of which were identified as malicious.
