Beware of Trojanized Flappy Bird game
Posted on 11.02.2014
Trojanized versions of Flappy Bird, the mega-popular iPhone and Android game that has recently been pulled from Google Play and Apple's App Store by its creator, have begun popping up on third-party Android markets.

Flappy Bird has become hugely successful in a matter of months - over 50 million users downloaded it, and it reportedly earned Dong Nguyen - its Vietnamese developer - over $50,000 per day through its in-game advertising.

It is still unknown why he decided to pull the addictive app from the two markets on Sunday, while keeping two of his less popular games.

But cyber crooks don't care, and have taken advantage of the huge unmet demand by issuing Trojanized versions of the game.

"Especially rampant in app markets in Russia and Vietnam, these fake Flappy Bird apps have exactly the same appearance as the original version," Trend Micro researchers noted.

"All of the fake versions we’ve seen so far are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements."

Unlike the original version of the app, these fake versions request an additional permission from the user: the permission to read, receive and send SMS messages.

Apart from sending out messages to premium service numbers and intercepting and hiding those received in return, these fake Flappy Bird apps are also able to connect to a C&C server through Google Cloud Messaging, and to exfiltrate the information the app has access to on the device: phone number, carrier, Gmail address registered in the device, and so on.

"Other fake versions we’ve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close," the researchers added.

If you are really that interested in playing the game, you can always buy smartphones with the app installed from eBay vendors, or try out the online version of the game.









Copyright 1998-2014 by Help Net Security.