By Veo Zhang, Trend Micro
Especially rampant in app markets in Russia and Vietnam, these fake Flappy Bird apps have exactly the same appearance as the original version:
And while the user is busy playing the game, this malware stealthily connects to a C&C server through Google Cloud Messaging to receive instructions. Our analysis of the malware revealed that through this routine, the malware sends text messages and hides the notifications of received text messages with certain content.
Apart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, and Gmail address registered in the device.
Other fake versions we’ve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close.
These fake Flappy Bird apps are now detected as ANDROIDOS_AGENT.HBTF, ANDROIDOS_OPFAKE.HATC, and ANDROIDOS_SMSREG.HAT.
We advise Android users (especially those who are keen to download the now “extinct” Flappy Bird app) to be careful when installing apps. Cybercriminals are constantly cashing in on popular games (like Candy Crush, Angry Birds Space, Temple Run 2, and Bad Piggies) to unleash mobile threats. Our past entry, Checking the Legitimacy of Android Apps, enumerates some tips on how to do avoid suspicious or malicious apps. Users may also opt to install a security app (such as Trend Micro Mobile Security) to be able to check apps even before installation.