Malware authors are expert at spotting opportunities and market conditions that will aid them in distributing their wares. We saw that again last week, when security firms began warning that a supposedly "free" versions of the Angry Birds spin-off "Bad Piggies" for Google's Chrome browser are, in fact, fakes that harvest data and install adware.
Researchers at the firm Barracuda Networks wrote that spammers and other online scam artists have jumped on excitement about the Angry Birds sequel with phony Bad Piggies offerings that install adware and harvest data from users' web sessions.
Bad Piggies, from the Finnish mobile application developer Rovio, is a spin-off of the mega-popular Angry Birds franchise that flips the perspective of that game: putting players in the position of the pigs, rather than the vengeful birds.
The game was released on September 27th and quickly became the top download from Apple’s iOS App Store.
The game runs on iOS, Android, Windows and Apple Mac. There isn’t a version (yet) for Google’s Chrome platform, creating an ideal opportunity for spammers and rogue application developers.
A search of Google’s Chrome Store on Sunday revealed five Chrome applications that posed as versions of Rovio’s Bad Piggies, while other games mention “Bad Piggies” along with “Angry Birds.” None are official versions of the Rovio game.
The two top offerings, both named “Bad Piggies,” are packaged to look like the official Rovio game, though neither is a playable version of Bad Piggies
The first, from the web site gametc.net, received 1.5 stars out of five and was downloaded 8,543 times, according to the Chrome Web store. It collected 143 reviews, all negative and many warning of links to adware laden web sites.
The second, from the publisher Pabeda, was downloaded 1,958 times is an inferior, cloned version of Angry Birds that collected 29 reviews ranging from cautionary to hostile.
Researcher Jason Ding said that Barracuda found many of the phony Chrome applications ask for wide ranging permissions to collect data from any user web sessions. Others installed a plugin that monitored what websites the user visited and then superimposed ads on those sites, including yahoo.com, ebay.com, Disney.go.com and msn.com, in addition to the official chrome.angrybirds.com website.
Ding said that, as of October 2nd, 82,593 Chrome users installed some version of the ad-injected Chrome applications.
This isn’t the first time that Google’s Chrome Store has been used to distribute information stealing adware.
In May, 2011, Naked Security wrote about a similar scam involving a playable version of Super Mario that also harvested data from your browsing history and Web sites you visit.
Google’s hands-off policy for its Chrome Store and Google Play app store have aroused the ire of security experts before.
Writing for Barracuda, Ding said that Google should provide more security on the Chrome Web store to protect its users. In the meantime, Chrome users should beware of applications that request permissions far in excess of what they reasonably need to run.
Sophos researchers have confirmed that the rogue Bad Piggies applications ask for permission to snoop upon an alarming amount of web data, and have blocked access to the affected websites.