WASHINGTON – Hackers have wasted no time exploiting the departure of the wildly popular Flappy Bird mobile game.
“Now that the Flappy Bird app is gone, criminals are using the demand gap for this app as an opportunity to get fake and trojanized versions of Flappy Bird out there,” says Christopher Budd, global threat communications manager for Trend Micro, an Internet security company.
Several fake Android versions of the game have appeared in third-party Russian and Vietnamese app stores and on websites, but have not been spotted in Google Play.
Downloading a fake version can affect users’ phones in several ways, says Budd.
“We’re seeing multiple fakes, but the majority of the fakes are what we call SMS premium service abusers,” says Budd.
The SMS premium service is the method used when a cause or agency solicits a pre- determined donation amount by having people send texts.
“Hackers abuse that service, and they get malware on your phone that starts sending text messages to numbers they pick which charge your account,” says Budd.
To make matters worse, the malware obscures the financial damage it is doing.
“It will immediately delete the acknowledgements that these services generate,” says Budd. “So you’ve got software running on your phone that’s racking up bills on your phone account without you knowing anything about it until you get your bill.”
Danger focuses on Android
Budd says it’s not surprising the Flappy Bird scam has targeted Android, rather than iOS or Windows operating systems.
In Trend Micro’s 2013 Threat Roundup, the company identified 1.4 million pieces of malware and high-risk apps on the Android platform, Budd says. He says scammers often target the Android operating system when attempting to exploit users.
“For various reasons, many hot new games will come out on iPhone first, and there will be a delay between the iPhone version and the Android version,” says Budd.
“In that delay, people on Android want the app but they can’t get it, and that’s the opportunity criminals use to go ahead and put fake versions out there.”
Is there a safe Flappy Bird?
Flappy Bird was grounded Feb. 10, when developer Dong Nguyen pulled the game from the market, apparently overwhelmed by the game’s success.
Smartphone users who downloaded the game prior to that date from Apple’s App Store or the Google Play store can continue to safely play the game, experts say.
Budd says users who didn’t get Flappy Bird while it was still available should be extremely wary of getting a copy now.
“If you got a friend who has it and they’re offering to give it to you, make sure they know where they got it and that it’s real,” says Budd.
In general, Budd says, mobile users, especially using Android phones, should “be really careful and not get caught up in the enthusiasm over certain apps.”
Budd, whose company sells mobile security apps for Android devices, recommends installing a security package.
“You wouldn’t be on the Internet on a PC without a security package,” says Budd.