Fake Bad Piggies games sold in the Google Chrome web store may have infected 80,000 users with malware.
The genuine game is only available on Apple or Android, leaving a gap in the market – and, says security firm Barracuda Networks, there are now eight games popping up in the Chrome store when users search on the term ‘Angry Piggies’.
But according to Barracuda, downloading these apps, from playook.com, installs a plug-in that spawns spam advertisements.
Users are required to give them permission to ‘access your data on all websites’, potentially allowing them to steal sensitive information such as email addresses and online credit card information.
Barracuda installed some of the plug-ins in a test environment.
“First, this Angry Birds Bad Piggies game is not authentic: it is a pigs-shoot-birds game. Second, and much worse, once the game installs a plug-in that displays additional advertisements in some popular websites. Yahoo.com for example,” says research scientist Jason Ding.
“Special code in the plug-in checks to see if the page originates with Yahoo and if so, inserts its own ad from playook.info.”
There’s a long, long list of other websites targeted by the ads, including MSN, eBay, MySpace and Disney.
Baraccuda says that, already, over 82,000 Chrome users have installed the dodgy plug-ins, with around 13,000 new victims every day.
“A suggestion to Chrome users; whenever trying to install a plugin inside the Chrome web store, consider the requested permissions with a critical eye toward the intent of the plugin,” says Ding.
“If the plugin requests any permission that does not seem reasonable, do not install it. If you have already installed, uninstall them immediately and change your passwords on other websites if possible.”
He adds: “As Chrome gains more browser marketshare, Google should provide better secure solutions on Chrome web store to protect its users.”