The hacker ring behind last week's celebrity nude selfie iCloud privacy flap also planned to use malware to obtain private photographs from compromised Android phones.
The hackers swapped snaps on the /stol/ (short for “stolen”) forum on image board AnonIB, a spinoff of the notorious 4chan, including intimate snaps of Jennifer Lawrence, Kate Upton and scores of other female celebs. Writing in late July, a denizen of the forum proposed what he described as the "genius" idea of using malware.
Specifically, the miscreant claimed to have developed a fake Flappy Bird app that steals people's photos from Android phones before uploading the data to a server under his control.
"I have developed a flappybird clone. Hear me out. I.. modded.. the app. It now secretly downloads all of the phone's pictures to my server when the game is running."
It's unclear whether or not the scheme was carried out, but what it does show is that snoopy hackers were looking into multiple ways to obtain indecent pictures before the hacking of celeb iCloud accounts made worldwide news last week.
The joker behind the Android malware ruse wrote that he wanted to find collaborators because he doesn't want to risk having his main licence revoked for spreading malware. If successful, the plot would target young women in general rather than just the celebrities targeted by the iCloud image ripping blamed for last week's privacy flap.
In fact, anybody who stored private photos on their smartphone would be at risk if they installed the app. That's assuming that the ruse is genuine. It may be that the dodgy developer is seeking to scam would-be perverts out of money supposedly needed to set up spare developer accounts.
The genuine Flappy Bird game, written by developer Dong Nguyen, has been one of the big hits of the year thanks to its addictive gameplay.
"Scores of copycat rip-offs of the game exist in the Android Google Play store, and although it’s not known if the hacker’s plan was ever put into action – it’s certainly plausible that it would work," writes security expert Graham Cluley on BitDefender's Hot For Security blog.
"The problem is, of course, that firstly, Google doesn’t police its app store anything like as strongly as Apple, but also that users are all too willing to grant permission to their Android apps to access all manner of parts of their smartphone without questioning if it’s appropriate for a game to – say – send SMS messages or (in this scenario) access your photographs," he added.