With the take down of Flappy Bird from the app market (for iOS and Play Store), more Flappy Bird wannabe apps are appearing on these stores. They are actually quite harmless. However, Trend Micro issued a media alert warning that a new form of scams are appearing in these stores leveraging on the success of Flappy Bird.
These fake Android Flappy Bird apps are similar in appearance as the original version. Check out the icon. They are similar.
According to Trend Micro, these fake apps are rampant in Russia and Vietnam. The report mentions that the fake apps are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements.
As seen below, the fake Flappy Bird app asks for the additional read/send text messages permissions during installation — one that is not required in the original version.
After the game is installed and launched, the app will then begin sending messages to premium numbers:
From Trend Micro:
And while the user is busy playing the game, this malware stealthily connects to a C&C server through Google Cloud Messaging to receive instructions. Our analysis of the malware revealed that through this routine, the malware sends text messages and hides the notifications of received text messages with certain content.
Apart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, and Gmail address registered in the device.
Other fake versions we’ve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close.
These fake Flappy Bird apps are now detected as ANDROIDOS_AGENT.HBTF, ANDROIDOS_OPFAKE.HATC, and ANDROIDOS_SMSREG.HAT.
We advise Android users (especially those who are keen to download the now “extinct” Flappy Bird app) to be careful when installing apps.
For more details on the above, please visit http://blog.trendmicro.com/