Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

79 percent of fake Flappy Birds mobile apps carry malware: McAfee Labs Threat Report

Zafirah Salim | June 25, 2014
Mobile app developers need to be more vigilant about the security of their apps, while users should be more mindful when granting permission requests that criminals could exploit for profit.

Flappy Birds

Threat research team McAfee Labs released today its McAfee Labs Threat Report: June 2014, which revealed mobile malware tactics that abuse the popularity, features, and vulnerabilities of legitimate apps and services, including malware-infested clones that imitate the popular mobile game Flappy Birds.

The report highlights the need for mobile app developers to be more vigilant about the security of their apps, and encourage users to be mindful when granting permission requests that criminals could exploit for profit.

According to the report, 79 percent of sampled clones of the Flappy Birds game contained malware. Through these clones, perpetrators were able to make phone calls without user permission, install additional apps, extract contact list data, track geo-location, and establish root access for uninhibited control over anything on the device, including the recording, sending and receiving of text messages.

Some examples of mobile malware noted by McAfee Labs are as follows:

  • Android/BadInst.A: This malicious mobile app abuses app store account authentication and authorisation to automatically download, install, and launch other apps without user permission
  • Android/Waller.A: This Trojan exploits a flaw in a legitimate digital wallet service to commandeer its money-transfer protocol and transfer money to the attacker's servers
  • Android/Balloonpopper.A: This Trojan exploits an encryption method weakness in the popular messaging app WhatsApp, allowing attackers to intercept and share conversations and photos without users' permission

Additional key findings of the report include:

  • Mobile on the move: McAfee Labs' pool of mobile malware samples grew by 167 percent between Q1 2013 and Q1 2014
  • Suspicious URLs: New suspect URLs set a three-month record with more than 18 million - a 19 percent increase over Q4 2013 and the fourth straight quarterly increase
  • Signed malware: New malicious signed binaries remain a popular form of attack, increasing by 46 percent in the first quarter of 2014
  • Master boot record malware: New threats attacking the master boot record increased by 49 percent in the first quarter, reaching an all-time high for a single quarter
  • Ransomware in repose: Ransomware sample counts have dropped for three straight quarters
  • Botnets and currency mining: McAfee Labs saw botnet providers include virtual currency mining capabilities with their services, reflecting the increasing popularity of digital currencies such as Bitcoin

"If an app has a name we recognise and we believe it will give us something we want, we tend to disregard the potential for security breaches," said Wahab Yusoff, Vice President, South Asia, McAfee.

"From what we have observed this year so far, malware developers are taking advantage of such tendencies, using our trust of well-known mobile apps and manipulating features to compromise our data. Both developers and users should then be much more vigilant and take a closer look at their apps and the permissions that comes with them," he added.


Sign up for Computerworld eNewsletters.