Security researchers are warning Android users not to install versions of Flappy Bird found in alternative app stores as they may contain malware that could lead to unwanted charges on their phone bills.
Flappy Bird is a mobile game that rose to popularity over the last few months but was suddenly removed from both the Apple App Store and Google Play last weekend. Since then, some Android users have turned to alternative app stores to install Flappy Bird clones that have the same name and icon and deliver the same game play.
The Flappy Bird clones, however, also install malware on users' devices, researchers say.
Trend Micro and Sophos, two security firms, said they have found multiple fake Flappy Bird games that ask users for more permissions than the real version of Flappy Bird did.
When the real version of Flappy Bird was available, it asked users permission for "network access" so that it could display ads, according to Sophos. The fake Flappy Bird games ask for all sorts of permissions, including the ability to send text messages, "draw over other apps," create Web bookmarks on its own, and more.
Users who are eager to play Flappy Bird may give the fake apps these permissions without reviewing them, putting their device in harm's way.
One consequence is that the impostor games may covertly send text messages to so-called premium numbers that charge a user money beyond what a normal text message costs, increasing the user's next phone bill.
Additionally, fake versions of Flappy Bird may also send out users' phone numbers and Gmail addresses to spammers, according to Trend Micro
The best advice for users is to download apps and games only from the Google Play store, which means not downloading any games that claim to be Flappy Bird.