Cold-hearted hackers are taking advantage of a popular iPhone game in their attempt to infect Windows users.
Cybercriminals have resorted to spamming out emails with subject lines such as “Virtual iPhone games!”, “Take a break!”, “Apple: The most popular game!”, “Virtual iPhone toys!”, and “Beet my score! (7000 points)!”.
Attached to the emails is a file called Penguin.Panic.zip, posing as a version of the penguin-starring platform game for the Apple iPhone. In the real game, a penguin leaps from iceberg to iceberg, avoiding falling stalactites – great entertainment in the Super Mario tradition. The file attached to the email, however, is something far less fun.
Sophos detects the enclosed file as the Troj/Agent-HNY Trojan horse. It’s important to note that this Trojan only works on Windows PCs – we haven’t seen any versions which will run on Mac OS X, Apple iPhone or other mobile devices.
Users of other vendors’ anti-virus products would be wise to check their vendor to see if a protection update is available.
Here’s a typical example of a malicious email sent as part of the campaign :
Games, of course, are hugely popular with people young and old these days – and there is a real buzz about games on the new Apple iPhone, especially because of the new AppStore and the device’s use of an accelerometer to introduce some Nintendo-like innovative gameplay.
Hackers, it seems, are jumping on the bandwagon of the iPhone phenomenon and using it as a springboard to infect innocent users. Some people might have played Penguin Panic on their Apple iPhone or another portable device, and be keen to have it on the desktop of their Windows work PC too.
As always, you should exercise extreme caution if you receive an email like this – and never run unsolicited attachments.