Fake Flappy Bird Will Peck a Hole in Your Wallet

Flappy Bird is making massive headlines this week after its creator took the game down because it was so addictive. Gamers started looking for the popular app elsewhere and some got more than they bargained for: malware.

Cybercriminals are taking advantage of Flappy Bird flying away and are pushing out clones that contain malicious software. ItEUs reportedly hard to tell the difference between the real game and the fake. But the phony apps are sending expensive text messages using a victimEUs phone number.

EUAll of the fake versions weEUve seen so far are premium service abusers -- apps that send messages to premium numbers, thus causing unwanted charges to victimsEU phone billing statements,EU Veo Zhang, a mobile threats analyst at Trend Micro, wrote in a blog post. EUThe fake Flappy Bird app asks for the additional read/send text messages permissions during installation -- one that is not required in the original version.EU

How it Works

While the user is busy playing the game, this malware stealthily connects to a C&C [command & control] server through Google Cloud Messaging to receive instructions, Zhang reports. Trend MicroEUs analysis of the malware revealed that through this routine, the malware sends text messages and hides the notifications of received text messages with certain content.

EUApart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, Gmail address registered in the device,EU Zhang said. EUOther fake versions weEUve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close.EU

A Viral Marketing Boost

Paul Ducklin, a security researcher at Sophos, said allowing "off-market" app installs is a non-default option, and it produces a...

Comments are closed.