Mobile Tech Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Product Reviews for Mobile Tech Users
Vblock™ Systems:
Advanced converged infrastructure
increases productivity & lowers costs.

www.vce.com
Wednesday, April 23rd 
24/7/365 Network Uptime!
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Laptops & Tablets
Mobile Phones
Mobile Gadgets
Mobile Apps
BYOD & MDM
iPad
Mobile Industry News
Wireless Connectivity
Wireless Security
GPS & Maps
MTT Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Viruses & Malware

Fake Flappy Bird Will Peck a Hole in Your Wallet

Fake Flappy Bird Will Peck a Hole in Your Wallet
February 12, 2014 10:17AM

Bookmark and Share
Apart from premium service abuse, some fake Flappy Bird apps also pose risks of information leakage for the users since they send out the phone numbers, carriers, and Gmail addresses registered in the devices. Other fake versions of Flappy Bird have payment features added into the originally free app.

Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.

Flappy Bird is making massive headlines this week after its creator took the game down because it was so addictive. Gamers started looking for the popular app elsewhere and some got more than they bargained for: malware.

Cybercriminals are taking advantage of Flappy Bird flying away and are pushing out clones that contain malicious software. It’s reportedly hard to tell the difference between the real game and the fake. But the phony apps are sending expensive text messages using a victim’s phone number.

“All of the fake versions we’ve seen so far are premium service abusers -- apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements,” Veo Zhang, a mobile threats analyst at Trend Micro, wrote in a blog post. “The fake Flappy Bird app asks for the additional read/send text messages permissions during installation -- one that is not required in the original version.”

How it Works

While the user is busy playing the game, this malware stealthily connects to a C&C [command & control] server through Google Cloud Messaging to receive instructions, Zhang reports. Trend Micro’s analysis of the malware revealed that through this routine, the malware sends text messages and hides the notifications of received text messages with certain content.

“Apart from premium service abuse, the app also poses a risk of information leakage for the user since it sends out the phone number, carrier, Gmail address registered in the device,” Zhang said. “Other fake versions we’ve seen have a payment feature added into the originally free app. These fake versions display a pop up asking the user to pay for the game. If the user refuses to play, the app will close.”

A Viral Marketing Boost

Paul Ducklin, a security researcher at Sophos, said allowing "off-market" app installs is a non-default option, and it produces a fairly stern warning from Google if you try to activate it. Ducklin said that the original Flappy Bird was free, with no trial period or fee, and the author made his money through ads presented by the game, not by selling the app.

“But, like writers, musicians and artists whose popularity surges when they die, Flappy Bird enjoyed a bigger-than-ever viral marketing boost upon its demise,” he wrote in a blog post. “So it's possible, even likely, that otherwise conservative users have been turning on the ‘unknown sources' feature so they can take a belated look at what the Flappy Bird fuss is all about.”

Using Common Sense

We caught up with Graham Cluley, an independent security analyst in London, to get his take on the latest Flappy Bird news. He told us it’s always better to buy Android apps directly from the official Google Play store -- and this is a good example of why.

“Although there have been cases of malware and shady apps getting into the official store, generally it's a lot safer to download Android apps from there than elsewhere. Wherever you source your Android apps from, always check the permissions that your app requests,” he said.

“You should ask yourself, would a simple game really need to send -- potentially expensive -- SMS messages? A little common sense can go a long way,” he added.

Tell Us What You Think
Comment:

Name:



 Viruses & Malware
1. Malware Targets Facebook Users
2. OpenSSL Calls for More Support
3. How, Why Heartbleed Got Its Name
4. Android Apps Mine Virtual Currency
5. Spyware Targets U.S. and Europe




 Most Popular Articles
1. Google Glass Finds a Home in Medical Education, Practice
2. HP Rolls Out New Software-Defined Network Products
3. Smartphone Kill Switch Could Save Users $2.6B a Year
4. Avaya Aims To End Network Waiting Game
5. Google Video Shows Off Modular Project Ara Phone

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Samsung: $2.2B Too Much for Apple
  Review: Windows Phone Advances
  Uber Meets Local Lookalikes in Asia
  Microsoft-Nokia Deal Closes this Week
  Mobile Ad Platform From Facebook?

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
Verizon Data Breach Report Exposes Top Threats
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
White House Updating Online Privacy Policy
A new Obama administration privacy policy explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites, saying much is in the public domain.
 
Navigation
Mobile Tech Today
Home/Top News | Laptops & Tablets | Mobile Phones | Mobile Gadgets | Mobile Apps | BYOD & MDM | iPad
Mobile Industry News | Wireless Connectivity | Wireless Security | GPS & Maps | MTT Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 Mobile Tech Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.