Where there is demand, there is always illegitimate supply.  The surprised delisting and removal of Flappy Bird from Google Play by creator Dong Nguyen has created a void good enough for cyber criminals to fill in.  The Flappy Bird which went viral as soon as it was published by Dong was taken down by him due to some personal and stress related reasons but the same reasons have given the malware makers a smile.

Owing to the popularity of the Flappy Bird and its sudden removal from Google Play have provided the cyber criminal with a jackpot as far as distributing malware is concerned.  Security Analysts today uncovered several versions of Flappy Bird making round s online containing heavily armed trojans and malware.  Though several versions of the trojanized Android Apps are available the most powerful is the one that once installed starts sending predefined SMSes to numbers who charge per SMS rates or premium rate numbers.
Cybercriminals make hay while the Sun shines on Flappy Bird, Malicious Versions of Flappy Bird Game Send SMSs to Premium Rate Numbers
The rogue versions of Flappy Bird are already being downloaded by thousands by the unsuspecting users.  The recent publicity regarding its take down and Dong’s revelations have only added the hype regarding Flappy Bird.  Also the news of a used iPhone having Flappy Bird going for $100,000 on ebay has added to the hype (ebay has since taken down the item).  The reports indicate that the malware injected Flappy Bird App has originated in Russia and Vietnam.

The fake Flappy Bird App appears amazingly similar to the original one, when it was available for download.  But users should and can identify the fake by carefully looking at the number of permissions the App asks while installing.  The original Flappy Bird asked a few permissions while the trojanized Flappy Birds requests a larger number of permissions which  includes the permission to read and send text messages.  

Do remember, that if you get a Flappy Bird App which asks for permission to read and send text messages you can bet your top dollar its a malicious App.  Once the malicious App is installed, it start sending messages to premium rate numbers which will inflate your phone bill by considerable extent.  That is not the only harm it will create, the rogue game App also retrieves information such as phone number, Gmail address and carrier from the infected Android phones.  These phone numbers, Gmail ids are then relayed to the cyber criminals command and control centre.

Less dangerous trojanised Flappy Birds App versions are designed to display a pop-up asking victims to pay for the game.   The primary files used by the cybercriminals to make the trojanised Flappy Bird App are  :

ANDROIDOS_AGENT.HBTF, 
ANDROIDOS_OPFAKE.HATC, 
ANDROIDOS_SMSREG.HAT.

LEAVE A REPLY

Please enter your comment!
Please enter your name here