SAN FRANCISCO - Scratching the Flappy Bird itch could be dangerous, a report by computer security company McAfee finds.
"Of the Flappy Bird clones we sampled, almost 80% contained malware," said Brian Kenyon, chief technical strategist at the Santa Clara, Calif.-based company.
Developer Dong Nguyen removed his hugely popular Flappy Birds game app from online app stores in February, saying it caused "addiction (in) people. I think it is an unexpected problem … and I have to remove it," he told USA TODAY.
His decision launched hundreds of Flappy Bird clones, online games somewhat similar to the original. But McAfee Labs' quarterly Threat Report, released Tuesday, found that a high percentage of those contain malicious computer programs.
This isn't the first time malware has been associated with knock-off versions of the enormously popular game. They began to surface almost as soon as Dong took it down.
The McAfee engineers corralled over 270 of the malware-infected apps in a malware "zoo" and dissected them to see what they did.
One of the most common malicious behaviors McAfee engineers observed was programs that make calls without user permission. These were often to numbers that charge by the minute for a connection, "much like the chat numbers that had a huge impact on people's phone bills a few years ago," said Kenyon.
Some apps also sent text messages to billing sites, using the same capability that makes it possible to text money to a charity such as the Red Cross.
"Those are typically going to shell companies where money can be taken out of the back end," said Kenyon.
The malware also extracted the user's location from the phone. That's helpful because it allows hackers to sort credit card information by ZIP code.
"You can't sell a stolen credit card number from California to a guy in Florida, because if he buys gas with it and then an hour later the real owner buys groceries in California, the security system kicks in," Kenyon said. If stolen cards go only to people in a nearby ZIP code, it can take much longer for anyone to realize there's a problem.
"It increases their worth on the black market," he said.
Analyses have found that the problem is greater in apps for Android phones because Android is an open source operating system and in general a freer system than Apple's closed one.
That makes it popular with developers but also easier for would-be criminals to sell or give away apps containing malware.
Apple devices that have been jailbroken, which have had their security broken so they can run third-party apps, are also vulnerable, Kenyon said.