Malicious versions of the popular 'Flappy Bird' game found on app stores for smartphones: SSO Alert
18 February 2014
Fake versions of the popular 'Flappy Bird' game have been discovered on the Android app store for smartphones, which contain malware.
You should be careful not to install any app which claims to be 'Flappy Bird', as the official app has now been removed from the app store. Similar games have appeared which are non-malicious, however it can be difficult to determine which versions are safe and which are not.
The game, 'Flappy Bird' was one of the most downloaded apps over summer, with millions of people playing the game. The creator recently withdrew the game from both Android and Apple app stores, citing personal reasons, creating controversy of his sudden success.
Since the game was withdrawn, copies of the game have become available with reports that many of these contain malware. Searches for 'Flappy Bird' in app stores now do not include the official version. Some of the malicious copies may now be receiving higher rankings.
If you suspect you have installed a malicious version of Flappy Bird, or another malicious app, uninstall it from your phone. You should also monitor you phone bill for any suspicious activity.
Android users should consider installing security apps on their device (however it won’t remove any existing malware from your phone). There are a number of free and paid options available from well-known security vendors. Make sure you research the product and only chose software from a reputable source.
How to spot malware on app stores
It can be difficult to tell whether an app is malicious or not without installing it. The main clues are length in time it has been in the app store, the popularity of the game, number of reviews and quality of those reviews. Both Google (who operate the main Android app store) and Apple (who operate the iPhone/iPad app store) do extensive testing to remove malicious apps, however bad apps can still appear from time to time.
If you are looking to install a new app, be careful to check that the developer listed is the legitimate developer of the app, which can be done by going to the developer's website and searching for the game. Further, check the permissions of the app to ensure it is not asking for permissions that it doesn't need. For instance, a normal game would not normally need permission to send SMS messages. This is an increasingly common scam; the game will send SMS messages to premium numbers to collect income.
If you are not confident the app you are considering installing is legitimate, you should not install it. Instead, choose higher ranking apps that have earned a good reputation with favourable reviews.
Stay Smart Online has more information on protecting your smartphone, which includes tips on securing your phone and installing legitimate apps.
Details about the malicious versions of Flappy Bird can be found in this article by TrendMicro and also in this article by NakedSecurity, which contains some of the technical details. This article by Extremetech contains more information on spotting malicious android applications here .
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.