Hackers create Flappy Bird copycat scam apps
Hackers have taken advantage of the shutdown of mobile game Flappy Bird to try and cash in with scam versions.
Security firm Trend Micro has discovered several fake versions of Flappy Bird for Android, only a day after its creator mysteriously decided to pull the popular game from app stores.
The fakes have so far only appeared in third-party Russian and Vietnamese app stores, though it’s possible they will spread to Google Play as demand for the defunct game appears to be high.
Downloading a fake version of the app results in the user’s phone sending messages to premium numbers, racking up phone bill costs.
“The fake Flappy Bird app asks for the additional read/send text messages permissions during installation — one that is not required in the original version,” said Trend Micro researcher Veo Zhang.
After users install the game and start playing, the app quietly connects to a command-and-control server through Google’s Cloud Messaging service. That instructs the app to quietly send and receive text messages and hide the notifications.
“Apart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, Gmail address registered in the device,” added Zhang.
Trend Micro told PC Pro it had no way to track download figures for the fake apps, but said Flappy Bird scams were likely to spread.
“We can expect to see a phenomenon like Flappy Bird being used as bait in any number of scams and attacks,” said director of security research Rik Ferguson. “[That could] range from spam, social media attacks through Facebook or Twitter [to] trojanised apps and malicious downloads.”
Flappy Bird’s maker, Dong Nguyen, enraged users after he abruptly decided to shut down the game, announcing on Twitter: “I cannot take this anymore.”
The game was at one point the most popular free app both in Apple’s App Store and Google Play, and was downloaded more than 50 million times.
The game involved users repeatedly tapping the screen with their finger to keep a cartoon bird in flight while dodging obstacles.
Nguyen eventually revealed the game’s success had become too much for him, and that he was unhappy so many users had become “addicted”.
“Flappy Bird was designed to play in a few minutes when you are relaxed,” he told Forbes. “But it happened to become an addictive product. I think it has become a problem. To solve that problem, it’s best to take down Flappy Bird. It’s gone forever.”
Since Flappy Bird’s closure, torrents for the game have appeared on Pirate Bay, while phones and tablets pre-loaded with the app are being advertised for thousands of pounds on eBay UK – though whether anyone is addicted enough to buy them remains to be seen.