For those who have been spared the torture of Flappy Bird, it was the latest mobile gaming craze – until this last weekend. By the standards of smartphone games, it was simple, even primitive. You played as Flappy Bird trying to fly through the gaps between vertical green pipes. Where the game was interesting was in its difficulty. If the bird touched anything, it died immediately and the player would have to start from the beginning.
…And that is absolutely normal for these kinds of games. But unlike another endless runner like Temple Run, Flappy Bird isn’t something you can play by idly swiping your finger to the left or right every time you approach an obstacle. The only way to maintain a proper altitude is to tap the screen feverishly to make the bird flap its wings. If you stop even for a second, the bird plummets immediately to its death. Typically it would take an average player 15 tries just to get past the first pipe, the addiction coming from trying to improve your top score.
The game was removed from Google Play and the Apple iOS store this last weekend by its developer Dong Nguyen, because he maintained it was “an addictive product.”
Since the weekend, literally hundreds of fake apps have sprung up, and scammers have already figured out how to cash in on the game’s demise.
Sophos has already found infected versions of Flappy Bird in alternative Android markets. One such fake app is a “trial version” that demands that you send a text message (to a special premium number, of course) and won’t let you completely quit the app until you do.
Trend Micro also found fake Android apps, which it says are especially common in app stores across Russia and Vietnam. While these behave exactly like the original app (they’re not trial versions), they also connect, unknown to the user, to the scammers’ servers to steal the user’s phone number, their carrier, and the Gmail address registered with the device.
Thankfully, these won’t do that much damage to the actual Android phone or tablet. The real damage can occur with the personal and sensitive information that is now in the criminals’ hands. Imagine if a scammer knew my smartphone number, knew who my cellphone provider was, and what my e-mail address was. They could glean information about my physical address and where I bank, and start a SIM card swap to gain access to my Internet banking account. It all started with Flappy Bird, and because it was an addictive game that I had to play, I opened myself up to be exploited by scammers.
In short, Flappy Bird is dead, but the scams are only beginning. My advice is the same as always when it comes to Android malware: stick to Google Play and only install apps that you know are safe.