Flappy Bird Malware: How To Avoid Imposter Versions Of Mobile Games That Infiltrate Text Messages

Flappy Bird, a simple yet addictive mobile game, soared from app store obscurity last week and blazed across the Internet like a comet before it vanished forever. The creator of Flappy Bird, Dong Nguyen, said that he removed the game before it was “an addictive product,” and now the app only exists on phones that downloaded Flappy Bird before Monday.

Like any in-demand and addictive product suddenly made difficult to acquire, a Flappy Bird black market has sprouted. New iOS and Androud devices with Flappy Bird installed are selling on eBay for as much as $100,000.

Cybercriminals have also seized the Flappy Bird craze as a chance to spread malware. Naked Security, a computer security blog from Sophos, detected infected versions of Flappy Bird cropping up on alternative Android app marketplaces.

The malicious Flappy Bird apps look legit on the surface, using the same name and Flappy Bird icon, but asks for more permissions than the original Flappy Bird. In addition to asking for network access, which Flappy Bird used to serve ads, the malicious Flappy Bird imposters ask for access to a user’s text messages, Web bookmarks and history and more.

The app pretends to be a trial version of Flappy Bird that has expired and asks users to send a premium-rate text message. Most users won’t agree to these suspicious charges, but even if you try to exit the fake Flappy Bird, it will continue to run in background.

Sophos recommends Android users to avoid getting apps from alternative Android stores. Also, Android phones have a default setting to not allow "off-market" apps. Leaving this option alone will protect devices from Flappy Bird malware.

Additionally, users desperate to get in on the Flappy Bird craze need to accept that, for now, the app is dead and gone. It is time to move on.