Beware! Flappy Bird fake apps are stealing money for cybercriminals

Late last week, I heard some people raving about a smartphone game called Flappy Bird.

I felt like a social outcast not knowing what it was, and downloaded it to give it a try.

Sorry to be a party-pooper but I couldn't see what the fuss was all about.

After about three minutes I erased the game from my phone, irritated by the intrusive advertising banners it popped up over the screen (the Vietnamese maker of the game is reported to have made $50,000 per day from the ads) and the dull unenticing gameplay.

But, apparently, I'm in the minority.

Many many people are utterly enchanted by Flappy Bird, became addicted to beating their high scores, and went into shock when headlines revealed that the game's creator, Dong Nguyen, had decided to withdraw it from app stores.

Some chancers even offered iPhones for sale on eBay, complete with Flappy Bird already installed for those folks who might be tempted to pay over the odds for the chance to play the hit game.

And, like other hot apps before it, cybercriminals saw an opportunity to make money for themselves.

As Trend Micro reports, fake Android versions of Flappy Bird have been spread online, designed to steal money for online criminals.

The apps, which have been particularly rampant in unofficial Android app marketplaces in Russia and Vietnam, attempt to send SMS messages to premium rate services and then hide the responses from the phone's owners.

In this way, the fraudsters earn money without the game player realising.

Permissions required by fake Flappy Bird app

This scam only works for criminals because users don't properly check an Android app's permissions before allowing it to install.

If possible always get your Android apps from the official Google Play store. Although there have been cases of malware and shady apps getting into the official store, generally it's a lot safer to download Android apps from there than elsewhere.

Also, see how many reviews an app has received - and check them out before downloading it to your Android phone. If it's a popular app like Candy Crush Saga or Instagram or Angry Birds you would expect there to be plenty of reviews. If it doesn't have any reviews, but is a well-known app, there's a chance that you're looking at a fake version which might have sinister intentions.

And, regardless of where you source your Android apps from, always check the permissions that your app requests. You should ask yourself, would a simple game *really* need to send (potentially expensive) SMS messages?

A little common sense can go a long way. Unlike that bloody flapping bird...
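The permission check described above can also be scripted. This is an added example, not code from the original article or from Trend Micro: it assumes the app's manifest has already been decoded to text XML, and the sample manifest, package name and receiver name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PRIORITY = f"{{{ANDROID_NS}}}priority"

# SMS permissions a simple game has no obvious reason to request.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send (potentially premium-rate) SMS",
    "android.permission.RECEIVE_SMS": "can see incoming SMS as they arrive",
    "android.permission.READ_SMS": "can read stored SMS",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (hypothetical package), not from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (item, reason) findings for SMS-related capabilities."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    # Declared permissions that allow sending or reading text messages.
    for perm in root.iter("uses-permission"):
        name = perm.get(NAME, "")
        if name in SMS_PERMISSIONS:
            findings.append((name, SMS_PERMISSIONS[name]))
    # Components registered to be notified of every incoming SMS.
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            if SMS_RECEIVED in {a.get(NAME) for a in flt.iter("action")}:
                prio = flt.get(PRIORITY, "0")
                reason = f"receives incoming SMS broadcasts (priority {prio})"
                findings.append((receiver.get(NAME, "?"), reason))
    return findings


if __name__ == "__main__":
    for item, reason in audit_manifest(SAMPLE_MANIFEST):
        print(f"[!] {item}: {reason}")
```

Any finding for an app that presents itself as a simple game is a reason to stop and question the install.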
