Flappy Bird clones do nasty things to people’s phones
Rogue versions of the Flappy Bird mobile game have been spotted on third-party app stores, targeting those hungry to get their hands on the hugely popular title that was taken down from official markets last week.
Flappy Bird, a fiendishly difficult platform title, was pulled by its creator last week despite its massive popularity amidst odd circumstances in which he claimed the game had become too addictive. Malicious hackers are now preying on the popularity of the game, producing fake versions that could lead to malware being placed on user devices or hefty phone bills for victims.
Attack of the Flappy Birds
These fake Flappy Birds are “rampant in app markets in Russia and Vietnam”, warned Trend Micro. “All of the fake versions we’ve seen so far are Premium Service Abusers – apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements,” the firm said in a blog post.
“While the user is busy playing the game, this malware stealthily connects to a C&C server through Google Cloud Messaging to receive instructions. Our analysis of the malware revealed that through this routine, the malware sends text messages and hides the notifications of received text messages with certain content.
“Apart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, Gmail address registered in the device.”
Security firm Malwarebytes also came across some suspicious applications offered on IMVU, a social entertainment website. They drew users into surveys, a common tactic amongst scammers, although they now appear to have been removed.
“At time of writing, the links page above has been ‘disabled’ and all of the offers redirect to blank pages. Flappy Bird may fly no more, but neither will this survey scam,” wrote Chris Boyd, researcher at Malwarebytes.
Users have been warned that with the official Google Play and Apple App Store now bereft of the Flappy Bird, they should not trust new versions.
Are you a security pro? Try our quiz!