Threat Intelligence

February 14, 2014

min read

Security Alert: A Flap Over Fakes


Sadly, this week Flappy Bird, the latest game addiction for millions, fell victim to attackers who exploited the games popularity by injecting Trojans in fake versions of the extinct app. The malicious variants belong to several different families of malware previously identified by Lookout, which means all Lookout users have been protected. These Trojans enable the bad guys to generate revenue by requiring payment after game play, through malicious advertising networks, and via basic SMS fraud.


Who is Likely to be Affected?

Currently, the risk of encountering the malicious functionality is primarily restricted to Vietnamese users. Due to the nature of premium SMS fraud, which thrives in areas where regulation of premium services is lenient and generally not portable across countries, this malware is likely not functional outside of Vietnam. This past fall, for example, the four major carriers in the U.S. announced that they would stop billing for most premium text messages given their increasing popularity as a vehicle for fraud.

However, given the strong demand for Flappy Bird, and the crazy lengths that people will go to get it, there is a strong risk that other malware authors will try to leverage this game for their own malware. Millions of people downloaded Flappy Bird at its peak and it’s likely that many are saddened to see the app meet its end. The temptation to download what may appear like legitimate versions (but are not) of the app from alternate sources can be quite high given that the original app has been removed from official markets. This presents a real potential for risk considering that the risk of encountering something is highly dependent on user behavior.

It’s not uncommon to see these types of threats repackaged into fake versions of popular gaming apps. Repackaging is a very frequent tactic in which a malware writer takes a legitimate application, modifies it to include malicious code, then republishes it to an app market or download site. The repackaging technique is highly effective because it is often difficult for users to tell the difference between a legitimate app and its repackaged doppelganger.

How to Stay Safe

  • Protect your privacy and don’t download pirated apps, especially fake versions of Flappy Bird! Spend a couple bucks to get the real app (when available) and support the legitimate maker of the app while protecting your privacy.
  • Avoid downloading apps from 3rd party app stores. Only download legitimate apps, such as those found in the Google Play store, Apple’s App Store and the Amazon App Store.
  • Do your own review of the app before you download. Spend an extra five minutes and visit the reviews on the app store or go to a reviews portal to see if the app you’re about to download is seen as legitimate and safe.
  • Download a mobile security app like Lookout that scans every app on your phone and alerts you when malware or spyware may be present.