Skip to main content

Hackers create Flappy Bird scam in bid to steal more celebrity pictures

Following the iCloud security scandal, in which naked images of numerous celebrities were posted online, it has emerged that hackers also conspired to steal private pictures from Android users.

Blogger Nic Cubrilovic revealed the plot, which uses an infected version of the popular app Flappy Bird, in a tweet (opens in new tab)last week.

Read more: Warning! Flappy Bird downloads riddled with viruses (opens in new tab)

He announced that an unidentified hacker had modded the app to secretly download all the phone's pictures while the user played the game. The app was ultimately not released as the user feared losing his developer licence.

The news highlights the extent of the threat from hackers, particularly in light of the "Celebgate" scandal, where celebrities such as Jennifer Lawrence, Cara Delevigne and Kate Upton had their private images leaked.

The pictures were originally posted on the imageboard site 4chan, before spreading to other websites. While Apple CEO Tim Cook has promised security reforms (opens in new tab), he refused to blame lax security measures for the leaked images.

James Lyne, head of research at security firm Sophos, said that despite the recent scandal, Apple's security measures are generally considered more robust than those used by Android.

"At the core of iOS defence against malware is the fact that apps are only distributed via the AppStore, with the ability for Apple to revoke any application (even after deployment), if it is found to be negative in some way," he added.

"The Android application system by comparison is less mature and has been a breeding ground for malicious application clones such as this. Of course, Apple is not immune; the recent celebrity hacks demonstrate that you can attack other infrastructure surrounding the device such as the cloud-based backups of data."

Read more: FBI investigating nude celebrity picture leaks (opens in new tab)

Security firm Symantec also revealed that a major botnet campaign has begun in order to steal users' Apple IDs. It is likely that the campaign aims to exploit customers' security fears before Apple's improved defences are implemented in two weeks' time. .

Barclay has been writing about technology for a decade, starting out as a freelancer with IT Pro Portal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.