Since the creator of “Flappy Birds” voluntarily took down his immensely popular game early this week, Trend Micro threat defense experts quickly discovered that cyber-scammers replaced the game with trojanized, malicious versions of the app in the Google Android store. All of the fake apps were detected as Premium Service Abusers, which cause unwanted charges to victims’ phone billing statements.
Trend Micro provides details of its research in a new blog post, outlining the dangers of the fake “Flappy Birds” apps. Highlights include:
Cybercriminals feathering their nests:
We advise Android users (especially those who are keen to download the now “extinct” Flappy Bird app) to be careful when installing apps. Cybercriminals are constantly cashing in on popular games (like Candy Crush, Angry Birds Space, Temple Run 2, and Bad Piggies) to unleash mobile threats.
Fake apps, fake phone calls, victims’ phone bills soaring
…we found a bunch of fake Android Flappy Bird apps spreading online. Especially rampant in app markets in Russia and Vietnam, these fake Flappy Bird apps have exactly the same appearance as the original version.
All of the fake versions we’ve seen so far are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements. (The fake) Flappy Bird app asks for the additional read/send text messages permissions during installation — one that is not required in the original version.
Apps laying rotten eggs; Trend Micro issues warnings of other “Flappy Bird” dangers
Apart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, Gmail address registered in the device.
Other fake versions we’ve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close.
These fakes, so far, have only been found on the Google Android Store. Anyone with an Android device should be careful on what they download and only download Apps from trusted developers. Parents should also monitor what their children are doing.
Editor’s note: Do to Apple’s strict guidelines and thorough testing of every App submitted to the App Store, these malicious apps have not been detected.