Angry Birds Transformers Trojan targets Android, warns ‘Obey or be hacked’

Malware targeting Android devices pretends to be the new Angry Birds Transformers game, but wipes data from the device's storage, blocks the Facebook app, WhatsApp, Google Hangouts and text messages, spamming friends every five seconds with the same warning the owner sees: 'Obey or Be Hacked.'

“Obey or be hacked” is the warning that pops up on some Android devices that have downloaded Angry Birds Transformers from “dubious” sources. That’s not the end of it as the Trojan spotted in the wild also wipes the memory card, intercepts text messages, blocks certain communication apps and sends text messages to all contacts listed on the compromised device in the form of “Hey!! [contact name] Elite has hacked you. Obey or be hacked.”

Angry Birds Transformers is supposed to be released on October 15, 2014 for iOS and October 30, 2014 for Android. The game featuring six Autobirds and five Deceptihogs is the tenth installment in the Angry Birds series. Why would anyone be looking for a freebie version now? Because the game was previously released on iOS during a soft launch in New Zealand and Finland.

There are several peculiar aspects to the Trojan, starting with the fact that it was not designed to steal financial data. Russian antivirus researchers from Doctor Web called the “Android.Elite.1.origin” malware a “vandal program” and likened it to old school malicious coding that was more about “bragging rights than material gain.” Another oddity is that the “rare and unusual program” is not aimed at Windows PCs, but instead targets Android smartphones and tablets.

Users may believe they have downloaded Angry Birds Transformers as indicated by the icon once the program is installed.


Doctor Web reported:

Once Android.Elite.1.origin has been launched, it attempts to force the user into granting it access to the mobile device’s administrative features which are supposedly required to complete the application’s installation properly. If successful, the program immediately commences formatting the available SD card by wiping all the data stored on it. After that, the malware waits for popular messengers to be launched.

Whenever the user attempts to start an official Facebook client, WhatsApp Messenger, Hangouts or the standard SMS application, Android.Elite.1.origin will block their active window by displaying the message OBEY or Be HACKED. The malware blocks only these programs and doesn't interfere with the operation of other applications or the OS.

There are a few more tricks, including hiding SMS notifications from the user while sending out an “Obey or be hacked” SMS auto-reply to any incoming texts. With messenger apps blocked, there’s no sending a quick message in order to explain. Owners of infected Android devices will likely tick off their friends and business contacts as the Trojan spams them every five seconds with the “Obey or be hacked” text message. Depending upon the user’s wireless data plan, this could quickly burn through the limit and result in an excessive bill.

Symantec discovered the Transformers Trojan yesterday (October 5), called it “Android.Habey” and added antivirus protection. Despite the different name, it seems to be the same Angry Birds Transformers Trojan, as it requests permission to gain administrator access while it is being installed. Symantec added that once it is executed, “the Trojan then displays an image of the Android mascot with a Guy Fawkes mask and a gun along with the message ‘OBEY or Be Hacked’.” Besides texting a similar message to all friends/contacts on the infected device, the Trojan deletes data on storage cards, intercepts “communications sent through SMS messages and apps such as WhatsApp, Facebook, and Google Talk,” and registers “broadcast receivers so that they automatically start every time the compromised device restarts.”
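The behaviours both vendors describe (device administrator request, start at boot, SMS interception, texting contacts, writing to the storage card) normally have to be declared in an app's manifest, so a sideloaded "game" can be triaged before it is installed. The following is an added example, not code from Doctor Web, Symantec or the original article; it assumes a manifest already decoded to text XML, the sample manifest is constructed, and the mapping from the described behaviours to these manifest entries is an assumption.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration; NOT taken from the real Trojan.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakegame">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <receiver android:name=".Boot">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name=".Sms">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return the sorted capability flags declared by a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    # Short permission names, e.g. "SEND_SMS"
    perms = {p.get(NS + "name", "").rsplit(".", 1)[-1] for p in root.iter("uses-permission")}
    actions, admin = set(), False
    for r in root.iter("receiver"):
        acts = {a.get(NS + "name", "") for a in r.iter("action")}
        actions |= acts
        # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and handles DEVICE_ADMIN_ENABLED
        if r.get(NS + "permission", "").endswith("BIND_DEVICE_ADMIN") and "android.app.action.DEVICE_ADMIN_ENABLED" in acts:
            admin = True
    checks = {
        "device-admin": admin,
        "boot-persistence": "android.intent.action.BOOT_COMPLETED" in actions,
        "sms-intercept": "android.provider.Telephony.SMS_RECEIVED" in actions and "RECEIVE_SMS" in perms,
        "sms-to-contacts": {"SEND_SMS", "READ_CONTACTS"} <= perms,
        "storage-write": "WRITE_EXTERNAL_STORAGE" in perms,
    }
    return sorted(name for name, hit in checks.items() if hit)

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A game has no ordinary reason to declare a device-admin receiver together with SMS send and receive capabilities, so that combination alone is enough to stop and investigate.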

Be wise about where you download your apps, as Angry Birds Transformers will officially launch this month.

The official game release follows Rovio Entertainment’s announcement that it is laying off 130 people, which is roughly 16% of its workforce. “Reigniting growth” was cited as the reason for the layoff. At the start of 2014, hackers defaced the official Angry Birds site so it instead showed “Spying Birds.” The defacement came after reports claiming NSA and GCHQ were collecting data from the popular game and other mobile apps. Rovio denied providing end user data to government surveillance agencies.

Copyright © 2014 IDG Communications, Inc.
