Fake 'Flappy Bird' App Spreads Malware

"Flappy Bird," a curious little mobile game that earned its creator a reported $50,000 per day before he pulled it from app stores this past weekend, has spawned its fair share of copycats. And while imitation may be the sincerest form of flattery, some "Flappy Bird" replacements can scam you out of hundreds of dollars.

As Android phones do not limit users to apps from the Google Play store, apps in less-reputable stores are widely available — however, they often contain malware. Right now, third-party app stores in Eastern Europe and Southeast Asia are offering an app called "Flappy Bird" that is identical to the original, save for the fact that it loads premium-text-message scams on your phone.

The good news about this scam, discovered by researchers at Trend Micro, is that it's absolutely up front with its duplicity. As with any other Android app, the fake "Flappy Bird" provides you with a list of permissions it needs in order to run before you install it. One of the requirements for the faux "Flappy Bird" is the ability to send, receive and read short message service (SMS) messages.

The app even uses the standard Google Play warning that sending SMS messages may cost you money, and asks permission before sending out premium texts to new phone numbers. That isn't to say that every part of the scam is out in the open, though. Users can also receive text messages that incur charges, and the app hides these by default.
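To check an APK's permission list yourself before installing, the added example below (not code from Trend Micro or the original article) scans a decoded AndroidManifest.xml for the three SMS permissions described above and for receivers registered for incoming texts. The sample manifest, package name and receiver name are constructed, and the receiver check is an assumption about how an app would handle received messages, not a detail from the report.

```python
import xml.etree.ElementTree as ET

# Attribute prefix for the standard Android manifest XML namespace.
A = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# The SMS abilities the article says the fake app asks for.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send texts, including premium-rate ones",
    "android.permission.RECEIVE_SMS": "can see incoming texts as they arrive",
    "android.permission.READ_SMS": "can read texts stored on the phone",
}

# Constructed sample (manifest already decoded to text XML); not the real app's.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flappyclone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (SMS permissions requested, [(receiver, priority)] for incoming SMS)."""
    root = ET.fromstring(xml_text)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    found = sorted(requested & SMS_PERMISSIONS.keys())
    receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                priority = int(flt.get(A + "priority", "0"))
                receivers.append((rcv.get(A + "name"), priority))
    return found, receivers


if __name__ == "__main__":
    perms, receivers = audit_manifest(SAMPLE_MANIFEST)
    for p in perms:
        print(f"[!] {p}: {SMS_PERMISSIONS[p]}")
    for name, prio in receivers:
        print(f"[!] receiver {name} handles incoming SMS (priority {prio})")
```

A game has no obvious need for any of these three permissions, so any hit is a reason to skip the install.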

Even if you think hundreds of dollars is a fair price to play one of the most frustrating games ever created, you may be less thrilled that the app can also steal your personal information. The fake "Flappy Bird" shares your personal data, including phone number and Google account information, with a command-and-control server.

While there's no evidence that the compromised version of "Flappy Bird" has made its way into the official Google Play store, the game has spawned dozens of cheap knock-offs. There's a good chance that at least one "Flappy Bird" copycat with built-in malware, or at least dodgy adware, slipped past the Google Play gatekeeper.

If you're absolutely dying to play "Flappy Bird," there are still ways to acquire it, although the legality is dubious. If you can find a clean version of the Android application package file (APK) online, you can side-load it to your Android device, install it and tear your hair out because the game is so difficult and arbitrary.

Of course, installing third-party APKs is like playing Russian roulette with your phone or tablet, so be sure to scan the app with an Android security suite before committing to it. Then, flap away.

Follow Marshall Honorof @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.