It’s a good idea to be savvy about what you’re installing on a phone that stores your contacts, your emails and your bank transactions. According to Sophos’ Naked Security blog, Android phones that install Angry Birds through unofficial app stores may be infected with the Andr/KongFu-L malware. The clean version is available in the Google Play market, published by “Rovio Mobile Ltd.”
Naked Security explains that while the app appears to work normally, it contains a hidden payload that takes advantage of “the GingerBreak exploit to gain root access to the device, and install malicious code.” The trojan then acts as a backdoor to install more malicious code on the infected phone.
There are currently no instructions on how to remove the Andr/KongFu-L trojan, but since the malware gains root access to your phone, I would recommend a complete factory reset. If you’ve installed a version of Angry Birds Space from an unofficial source and you think your phone is affected, back up all the information you don’t want to lose (contacts, notes, etc.), and go to Settings → Privacy → Factory Data Reset. This removes all your apps and should also completely remove the threat.
While this trojan takes advantage of the GingerBreak exploit, it’s not the fault of the Android rooting community. The modding community looks for existing vulnerabilities in their own phones because Google won’t hand over the keys. If there were an official option for gaining root access, black hat coders wouldn’t have modder code to work with and would have to find the exploits themselves.