Flappy Bird, a mobile game that took the world by storm throughout the past year with more than 50 million downloads, has not only garnered attention from mobile users but also from cybercriminals looking to capitalize on the app’s popularity. When the original Flappy Bird developer Dong Nguyen removed the game from the iOS and Android app marketplaces in February, the demand for the game only intensified, sparking the creation of hundreds of imitation versions such as Fly Bird and Flappy Penguin. While many mobile device gamers eagerly downloaded these games to their devices, some were oblivious to the numerous Flappy Bird clones containing malicious malware in the app marketplace.
The rise in mobile malware authors disguising malicious code in popular apps and games is not a new trend, but it is a tactic drastically increasing in popularity among cybercriminals. Previous McAfee Labs Threats Reports have uncovered malicious apps disguising their intent on app marketplaces, yet the latest report has revealed that the majority of the hundreds of Flappy Bird clones released were carrying malicious code. During the first quarter of 2014, McAfee Labs researchers sampled 300 Flappy Bird imitators from the mobile malware “zoo,” and discovered that a whopping 238 — 79% — of the samples were malicious.
These malicious clones may appear as a normal gaming app to the average user, but these apps pack more functionality than the original game and can damage and invade a user’s mobile device. For example, one malicious clone named “com.touch18.flappybird.app (3113ad96fa1b37acb50922ac34f04352)” is able to manipulate a user’s mobile device a number of ways when downloaded:
- Make calls without the user’s permission.
- Install additional applications without the user’s permission.
- Allow an app to record and process incoming SMS messages without permission.
- Send SMS messages without the user’s permission.
- Extract SMS messages.
- Send data to a mobile number via SMS.
- Allow an app to read the user’s contacts without permission.
- Extract GPS location.
- Read IMEI number and MAC address and transmit them to third parties without the user’s permission.
- Send user activity data to third-party sites.
- Allow an app to call the killBackgroundProcesses without permission.
Unfortunately, McAfee Labs does not expect the mobile malware trend to dwindle in the near future. Since mobile devices are easily infiltrated by attackers an increase in malicious apps is predicted, yet there are proactive measures users can take to stay secure. Software controls such as anti-malware and secure containers are a step in the right direction. These security measures along with a strong understanding of what is being downloaded and installed on a device are simple measures that can protect users from malicious apps.