All it takes is one dedicated coder to create a game. Such is the case of Dong Nguyen, the guy who stole a bunch of Super Mario World graphics to create one of the most addictive games in the world right now, Flappy Bird. From nothing to overnight viral sensation, Flappy Bird got so big that Nguyen decided to pull the game from the market, citing concerns about its addictive nature (and no doubt due to potential threats from Nintendo about his stolen sprites). When the market finds a gap, it fills it. Without Flappy Bird, other games are stepping in to take its place, but more worryingly, malware-infested versions of Flappy Bird are showing up in third party app stores.
Both Sophos and Trend Micro are telling users to beware of any Flappy Bird apps on third-party Android stores. Apparently, using the compromised Flappy Bird runs up some potentially massive cell phone charges due to texting premium numbers; in addition to that, it also causes information leak because so much of what you do on your phone can be sent back to the compromised servers. Apparently some compromised Flappy Birds installs can get email address, name, phone number, and even cell phone carrier. Other Flappy Birds force users to pay to play after a certain amount of time, turning a free game into a premium game without benefiting the actual creator.
Said Trend Micro, “All of the fake versions we’ve seen so far are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements. As seen below, the fake Flappy Bird app asks for the additional read/send text messages permissions during installation — one that is not required in the original version. And while the user is busy playing the game, this malware stealthily connects to a C&C server through Google Cloud Messaging to receive instructions. Our analysis of the malware revealed that through this routine, the malware sends text messages and hides the notifications of received text messages with certain content.”
So if you have Flappy Bird, play without fear. If you didn’t get your flap on before the game was pulled from servers, it’s probably not a good idea to go looking for an after-market version of the game.
Technorati Tags: fake flappy bird
, flappy bird
, flappy bird android virus
, flappy bird virus
, online security
, trend micro