Android.Smsreg.AF is an Android-based App that was developed to trick users into thinking it is a legitimate copy of the popular gaming application, “Flappy Bird”.
One of the first giveaways that the downloaded Flappy bird program is bogus is that while playing games it begins to display the message, “Trial is expired, activation for fifteen thousand!” – This message does not appear in the original game.
Once the application is loaded, it runs the service named ‘vn.adflex.sdk.AdFlexSDKService’, this service collects the following private information from the users device:
Phone EmailID AndroidID VERSION.RELEASE Build Model Manufacturer IMEI Number Network type
Additionally, as the user is engulfed playing the game, Android.Smsreg.AF is silently connecting to a predefined Command & Control (C&C server) to receive further orders and after set time intervals, it begins to send chargeable and costly text messages to a certain number reading, “Flappy Bird would like to send a message to 8748”.
Android.Smsreg.AF also performs an information data breach by relaying all the information supplied above to its server.
Android.Smsreg.AF functions in the following ways-
Acquires the following Permissions: android.permission.ACCESS_NETWORK_STATE android.permission.INTERNET android.permission.WAKE_LOCK android.permission.SYSTEM_ALERT_WINDOW android.permission.GET_TASKS android.permission.WRITE_EXTERNAL_STORAGE android.permission.SEND_SMS android.permission.RECEIVE_SMS android.permission.READ_PHONE_STATE android.permission.VIBRATE android.permission.RECEIVE_BOOT_COMPLETED android.permission.ACCESS_WIFI_STATE android.permission.READ_EXTERNAL_STORAGE
