While some are still scratching their heads over Flappy Bird‘s inexplicable rise to popularity and subsequent disappearing act, cyber-scammers have acted quickly to replace the defunct app with trojan-infested fake versions on Google's Play Store.
We know that enterprising eBay members have taken to the auction site to charge astronomical prices for smartphones with the game installed, and we’ve seen a multitude (more than 140) of Flappy Bird clones hit Google’s Android store. (My personal favorite is Flappy Doge, inspired by the meme-ified cryptocurrency.) But exact fakes of Flappy Bird have also nested down at Google Play, and you’ll want to avoid installing them at all costs.
Trend Micro sent word of these fake versions today, saying they “advise Android users (especially those who are keen to download the now “extinct” Flappy Bird app) to be careful when installing apps.” Trend Micro explains that they’re running rampant primarily in Russia and Vietnam, and they even use the same art assets. In other words, they’re nearly impossible to distinguish from Dong Nguyen’s original game.
The internet security company defines these fakes as “Premium Service Abusers.” They require elevated privacy privileges well beyond what the original game did, including writing web bookmarks and the sending and receiving of text messages. How does this translate to nefarious activity on your smartphone? While you’re playing the game, embedded malware will connect to a “command and control” server to get instructions, and then send text messages to premium numbers. It even masks the notification of received text messages to keep you in the dark regarding its activities.
Making matters worse, several of these fake Flappy Bird apps have access to your phone number, cell phone carrier, and Google account. Yet another variant enforces a pay wall, requiring users to pay for the game to continue playing (the original title was free to play and supported by advertising).
This is only the newest in a string of impostors to criminally cash in on popular games like Temple Run, Angry Birds Space, and Candy Crush. And it’s yet another prime example of the need for Google to offer stricter curating and approval policies for their App Store. It’s not a problem unique to Android, but it’s certainly more prevalent than on Apple's digital marketplace.
Trend Micro has a recent blog post with tips on ensuring that the app you’re about to download it legitimate. Check it out here. If you absolutely have to scratch that Flappy Bird itch and you weren’t an early adopter, here’s a list of 7 non-dangerous alternative.