Fake Snake Game Brings the PinePhone Malware
The PinePhone is an innovative smartphone product, which is being sold by the manufacturers situated in Hong Kong. The unique thing about this mobile device is that it uses a privacy-oriented, and mostly clean version of Linux. This means that it is an ideal choice for users who do not wish to deal with the severely limited iOS devices, or the Android phones bloated with all sorts of software. Furthermore, the usage of the PinePhone is meant to enhance the user's privacy online. However, it would appear that this device is already being targeted by cybercriminals, despite being on the market for a short period of time. The newly identified PinePhone Malware was first seen in a dedicated IRC (Internet Relay Chat) frequented by PinePhone owners and enthusiasts.
What is the PinePhone Malware?
Before we talk a bit about this malware's functionality, it is important to mention how it is spread. The first encounter with this malware happened on the aforementioned IRC channel. A user by the name '[Ubuntu]' claimed to be a game developer, and linked a Snake game for PinePhone owners to enjoy. However, they added that the project is not finished yet, hence why the source code is not available. While this raised flags for many users, there were also some PinePhone owners who immediately decided to try the classic game on their PinePhone device.
It is important to add that the Snake game did work, and users were unlikely nothing out of the ordinary. However, researchers found some hidden code in the software package, which appeared to have malicious intent. It created a cron job (Linux's variant of scheduled tasks) that commanded the system to run a set of commands that would wipe the device clean. But since the malicious package runs with administrator privileges, it would not just delete files and data – the whole firmware of the PinePhone would be wiped.
Thankfully, the new and simple PinePhone Malware was caught on time. However, it does raise concerns about the security of the PinePhone. Clearly, it does not have the automated defense mechanisms of Android or iOS – users must take care of their device's security on their own. As long as they do not install unknown packages without verifying their contents first, they are unlikely to come across the PinePhone Malware.