Beware! Flappy Bird fake apps are stealing money for cybercriminals

Graham Cluley

Late last week, I heard some people raving about a smartphone game called Flappy Bird.

I felt like a social outcast not knowing what it was, and downloaded it to give it a try.

Sorry to be a party-pooper but I couldn’t see what the fuss was all about.

After about three minutes I erased the game from my phone, irritated by the intrusive advertising banners it popped up over the screen (the Vietnamese maker of the game is reported to have made $50,000 per day from the ads) and the dull unenticing gameplay.

But, apparently, I’m in the minority.

Many, many people are utterly enchanted by Flappy Bird, became addicted to beating their high scores, and went into shock when headlines revealed that the game’s creator, Dong Nguyen, had decided to withdraw it from app stores.

Some chancers even offered iPhones for sale on eBay, complete with Flappy Bird already installed for those folks who might be tempted to pay over the odds for the chance to play the hit game.

And, like other hot apps before it, cybercriminals saw an opportunity to make money for themselves.

As Trend Micro reports, fake Android versions of Flappy Bird have been spread online, designed to steal money for online criminals.

The apps, which have been particularly rampant in unofficial Android app marketplaces in Russia and Vietnam, attempt to send SMS messages to premium rate services and then hide the responses from the phone’s owners.

In this way, the fraudsters earn money without the game player realising.

Permissions required by fake Flappy Bird app

This scam only works for criminals because users don’t properly check an Android app’s permissions before allowing it to install.

If possible, always get your Android apps from the official Google Play store. Although there have been cases of malware and shady apps getting into the official store, generally it’s a lot safer to download Android apps from there than elsewhere.

Also, see how many reviews an app has received – and check them out before downloading it to your Android phone. If it’s a popular app like Candy Crush Saga or Instagram or Angry Birds you would expect there to be plenty of reviews. If it doesn’t have any reviews, but is a well-known app, there’s a chance that you’re looking at a fake version which might have sinister intentions.

And, regardless of where you source your Android apps from, always check the permissions that your app requests. You should ask yourself, would a simple game *really* need to send (potentially expensive) SMS messages?

A little common sense can go a long way. Unlike that bloody flapping bird…
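For readers who want to automate the permission check described above, here is an added example (not part of the original post or of Trend Micro's report). It reviews an app manifest that has already been decoded to text XML and flags the SMS capabilities a simple game should not need. The sample manifest, its package name and the receiver name are constructed for illustration; the post does not list the exact permissions the fake apps requested.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Standard Android SMS permissions and why each matters for a game.
SMS_PERMS = {
    "android.permission.SEND_SMS": "can send SMS, including to premium-rate numbers",
    "android.permission.RECEIVE_SMS": "can receive incoming SMS in the background",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.WRITE_SMS": "can modify or delete stored SMS",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: manifest of a hypothetical game, not the real fake app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flappygame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHandler">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def review_manifest(xml_text):
    """Return findings about SMS-related capabilities in a decoded manifest."""
    root = ET.fromstring(xml_text)
    findings = []
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    for perm in sorted(requested & set(SMS_PERMS)):
        findings.append(f"{perm}: {SMS_PERMS[perm]}")
    # Sending plus receiving fits the pattern in the post: send, then hide the reply.
    if {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"} <= requested:
        findings.append("SEND_SMS + RECEIVE_SMS together: can send and hide the responses")
    # A high-priority SMS_RECEIVED receiver is handed messages before lower-priority ones.
    for rec in root.iter("receiver"):
        for filt in rec.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in filt.iter("action")}
            prio = int(filt.get(ANDROID_NS + "priority", "0"))
            if SMS_RECEIVED in actions and prio > 0:
                findings.append(f"receiver {rec.get(ANDROID_NS + 'name')} handles "
                                f"SMS_RECEIVED at priority {prio}")
    return findings

if __name__ == "__main__":
    for line in review_manifest(SAMPLE_MANIFEST):
        print("FLAG:", line)
```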

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
