Beware of Trojanized Flappy Bird game
Posted on 11.02.2014
Trojanized versions of Flappy Bird, the mega-popular iPhone and Android game that has recently been pulled from Google Play and Apple's App Store by its creator, have begun popping up on third-party Android markets.

Flappy Bird has become hugely successful in a matter of months - over 50 million users downloaded it, and it reportedly earned Dong Nguyen - its Vietnamese developer - over $50,000 per day through its in-game advertising.

It is still unknown why he decided to pull the addictive app from the two markets on Sunday, while keeping two of his less popular games.

But cyber crooks don't care, and have taken advantage of the huge unmet demand by issuing Trojanized versions of the game.

"Especially rampant in app markets in Russia and Vietnam, these fake Flappy Bird apps have exactly the same appearance as the original version," Trend Micro researchers noted.

"All of the fake versions we’ve seen so far are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements."

Unlike the original version of the app, these ones ask an additional permission from the user: the permission to read, receive and send SMS messages.

Apart from sending out messages to premium service numbers and intercepting and hiding those received in return, these fake Flappy Bird apps are also able to connect to a C&C server through Google Cloud Messaging, and to exfiltrate the information the app has access to on the device: phone number, carrier, Gmail address registered in the device, and so on.

"Other fake versions we’ve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close," the researchers added.

If you are really that interested in playing the game, you can always buy smartphones with the app installed from eBay vendors, or try out the online version of the game.









Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //