
Fake Flappy Bird App Planted By Hackers To Steal Photos From Your Phone

Bloodyvalley
"By now, you have probably heard about the biggest digital exposure of private and very personal nude photographs of as many as 100 female celebrities, including Jenny McCarthy, Kirsten Dunst, Mary E Winstead, and Oscar winner Lawrence and Kate Upton, that surfaced on notorious bulletin board 4chan and anonymous image board AnonIB over the weekend.
 
It was believed that the group of hackers allegedly took celebrities' photos from their Apple iCloud backups after their iCloud accounts were compromised, but users of devices running Google's Android could have been targeted too.
 

A forum post on anonymous image board AnonIB shows that the group of hackers may have used a cloned Flappy Bird app to steal and collect the naked photos of females from their Android devices and then send them to remote servers.
 
Experts believe that the group may have been stealing and trading nude and very personal photos of more than 100 female celebrities for more than two years, gathered on the “stolen” forum on image board AnonIB.
 
The developer of the fake Flappy Bird app took advantage of users' "carelessness" in granting permissions to Android apps.
 
The post on a hackers' forum, written in late July this year, was discovered by security consultant Nik Cubrilovic. It detailed how the supposed developer had developed a malware-ridden “clone” of the Flappy Bird app for Android devices that would exploit app permissions granted during installation in an effort to steal the photos.

“I am a fucking genious [sic]… Hear me out. I.. modded… the app,” the developer explained in the post. “It now secretly downloads all of the phones pictures to my server when the game is running. Note: this app will only work for android,” he added.

The developer wanted to release a copy of the cloned Flappy Bird app on Google’s Play Store, but he didn’t want to risk his developer license, as the app violates Google Play’s terms. To solve the problem, he was searching for a second developer account, specifically created for the purpose of stealing pictures from infected Android devices.
 
He also asked for financial support from his fellow anons in order to make a second Google Play developer account and promised to “post any wins [stolen photos] obtained in this thread.” A new developer licence costs $20.
 
The whole game is based on users’ negligence in checking the permissions they grant to mobile apps, without even knowing that an app is asking for access to the photographs stored on their device. It is extremely phishy, but many of you don’t even pay attention to these details and accept those permissions blindly.
 
Flappy Bird, developed by a 29-year-old, Dong Nguyen, was one of the top free gaming apps on Google’s Play Store. But after the developer of Flappy Bird pulled the gaming app from both the Apple and Google app stores, it led to the creation of dozens and dozens of Flappy Bird clones, many of which were identified as malicious."

 

 

Source

 

 

Wow, this is getting pretty serious.
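
An added example, not part of the original post or the quoted article: a permission audit for the situation the article describes, where a cloned game asks for access to stored photos. It assumes the APK's manifest has already been decoded to text XML; the baseline set, package name and both manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions that let an app read the photos stored on the device
# (requesting WRITE_EXTERNAL_STORAGE implicitly grants read access too).
MEDIA_READ = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
NETWORK = {"android.permission.INTERNET"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                found.add(name.strip())
    return found

def audit(manifest_xml, baseline):
    """Compare a candidate app's permissions with a trusted baseline."""
    perms = requested_permissions(manifest_xml)
    added = perms - set(baseline)
    return {
        "added": sorted(added),
        # Stored-media access plus network access is what photo upload needs.
        "can_exfiltrate_media": bool(perms & MEDIA_READ) and bool(perms & NETWORK),
        # A clone that gains media access the baseline never had is the red flag.
        "suspicious": bool(added & MEDIA_READ),
    }

# Constructed sample data: not taken from any real Flappy Bird build.
BASELINE = {"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"}
CLONE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flappyclone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Flappy Clone"/>
</manifest>"""
CLEAN_MANIFEST = CLONE_MANIFEST.replace(
    '  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>\n', "")

if __name__ == "__main__":
    for label, xml in (("clone", CLONE_MANIFEST), ("clean", CLEAN_MANIFEST)):
        print(label, audit(xml, BASELINE))
```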


Possible solution, ban all clothing? (except for fat men and fat women)

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Be smart and only download the original flappy shit...

Case: NZXT Phantom PSU: EVGA G2 650w Motherboard: Asus Z97-Pro (Wifi-AC) CPU: 4690K @4.2ghz/1.2V Cooler: Noctua NH-D15 Ram: Kingston HyperX FURY 16GB 1866mhz GPU: Gigabyte G1 GTX970 Storage: (2x) WD Caviar Blue 1TB, Crucial MX100 256GB SSD, Samsung 840 SSD Wifi: TP Link WDN4800

 

Donkeys are love, Donkeys are life.                    "No answer means no problem!" - Luke 2015

 


I would not want to be that Dong Nguyen bloke. Even with the money he has made from Flappy Bird, he probably still regrets it.

"How hard can it be?" - Jeremy Clarkson

"Speed has never killed anyone. Suddenly becoming stationary, that's what gets you." - Jeremy Clarkson

 

"There's an old saying that God exists in your search for him. I just want you to understand that I ain't looking." - Leslie Nielsen

 


Not relevant to this, because as far as we know the leaks were only of photos on iCloud. These celebrities were using iPhones. Android for a while now has put up a screen of permissions and possible consequences of such permissions before allowing users to install an app. The leak isn't even the fault of apple software, more apple choices and lack of clarity. Security questions as a password recovery method are retarded. They should have advised better protection.

 

gr8 b8 m8 i r8 8/8

 

Rather than mentioning the mostly unrelated icloud fiasco, we should instead be talking about how we can get consumers to understand these very basic ideas of password protection to prevent future finger-pointing and potential leaks of sensitive information.

Everything said by me is my humble opinion and nothing more, unless otherwise stated.


Possible solution, ban all clothing? (except for fat men and fat women)

that's equality spirit!

"Probably Because I'm A Dangerous Sociopath With A Long History Of Violence"
 


that's equality spirit!

I said women AND men, not just women. I don't wanna see fat guys naked either.

 

you won the internet

Can I get the cash alternative?

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Not relevant to this, because as far as we know the leaks were only of photos on iCloud.

 

as far as we know some of those photos might have been pulled from iCloud backups.

Mini-Desktop: NCASE M1 Build Log
Mini-Server: M350 Build Log


TLDR - Do you get the app from google play store?

The most common result of insufficient wattage is a paperweight that looks like a PC


Not relevant to this, because as far as we know the leaks were only of photos on iCloud. These celebrities were using iPhones. Android for a while now has put up a screen of permissions and possible consequences of such permissions before allowing users to install an app. The leak isn't even the fault of apple software, more apple choices and lack of clarity. Security questions as a password recovery method are retarded. They should have advised better protection.

 

Rather than mentioning the mostly unrelated icloud fiasco, we should instead be talking about how we can get consumers to understand these very basic ideas of password protection to prevent future finger-pointing and potential leaks of sensitive information.

Use personal responsibility to fight crime? Impossibru, instead they will pass many many laws that do nothing good and essentially ruin the internet even further. Don't ask me how or why, but they will.

 

Why educate people on proper safety rather than just saying "there should be a law!" like everything else this ass backwards country does.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


So, nothing really new? It could still be the iCloud thing and it has been known for a long time that apps sometimes misuse the privileges given to them, there are many malicious apps that do this kind of crap

"Great minds discuss ideas; average minds discuss events; small minds discuss people."

Main rig:

i7-4790 - 24GB RAM - GTX 970 - Samsung 840 240GB Evo - 2x 2TB Seagate. - 4 monitors - G710+ - G600 - Zalman Z9U3

Other devices

Oneplus One 64GB Sandstone

Surface Pro 3 - i7 - 256Gb

Surface RT

Server:

SuperMicro something - Xeon e3 1220 V2 - 12GB RAM - 16TB of Seagates 


People still play this...? I thought this fad went out in the way of the USB pet rock.

 

 


that's equality spirit!

Unrelated:

BTW your profile pic is very, very disturbing :D

Edited by Mitja Redlin

Lord Pantaloons, on 30 Nov 2014 - 7:32 PM, said: If Lawrence leaves his house and travels at a constant 40 MPH. How long will it take Bill from next door to shove a banana up his mom's rectum?

FX-6300Gigabyte R9 270X 4 GB OCWD Blue 1 TBCorsair Carbide 300RArctic Cooling Freezer 7 Pro rev. 2Silverstone Strider Essential 500WAsus M5A97 R2.0Dell P2314HYamaha HTR-5740Mordaunt-Short Avant 309iSuperlux HD-668 BCooler Master CM Storm Quickfire UltimateGigabyte M6900Oneplus One 64 GB

 

 


so would this even be considered hacking? I mean yeah it was the "hacker's" intention to get the photos, but he couldn't have done it unless the people agreed. So really the way I see it, they are really responsible for the leaks due to the fact that they didn't read the app permissions! Unless if they did and the permissions were false or something, but I believe it to be the first option. 
