Rovio launched a new puzzle game, Bad Piggies, in late September. Bad Piggies is a spinoff of their popular Angry Birds franchise. The game is in the point of view of the pigs and the goal is to make contraptions that would aid the Piggies in getting the eggs of the Angry Birds.
In just three hours after launch, it took the top spot in Apple’s App Store despite $0.99 for the iPhone version and $2.99 for the iPad version. Android users were lucky to get access to it for free.
And like Angry Birds, because of its popularity, malicious versions of Bad Piggies were quick to surface the web. Contrary to what Barracuda Labs Internet Security claimed that “without Apple or Android device there is no way to play it,” you can actually play Bad Piggies on your Mac or Windows PC as they were already available when the iOS and Android versions were launched. So it’s mind boggling that people had to go to shady sites just so they can play Bad Piggies on their computers. The paid Windows version cost $4.95 but if you just want to try it out, there’s a free demo version available for download on Rovio.
Anyway, it wasn’t too long when a free web app claiming to be the original version of Bad Piggies appeared on Google Chrome and this is where things started to get dim. When Barracuda searched for Bad Piggies on the Chrome Web Store, they found 8 matches but the curious thing was 7 of the 8 came from the same source: www.playook.info, a maker of ‘free’ flash games. But when you check Chrome Web Store now and search for Bad Piggies, you’ll be presented with 6 matches and only one of those came from Playook.
When a user installs any of the 7 plugins that Barracuda found, users were prompted to give permission to allow the app to “access all your data on all websites.” Now this is scary since apps or plugins aren’t allowed to this because of security and privacy issues. If a users allowed this, the app injects ads to a number of popular websites such as Yahoo, eBay, MSN, IMDB and more. But that’s not the most troublesome part.
Aside from injecting ads, the malicious plugin will be able to hijack a user’s browser which means everything you do on your browser can be acquired by the adware author. So your credit card information, your e-mail, social network accounts and more can be acquired and used by the adware author. Barracuda claims that there are already 80,000 affected computers and the number just keeps rising. As of Oct. 2, 2012, there are about 82,593 Chrome users who installed these ads-injected plugins with about 13K new installations from October 1 to October 2.
If you think you’ve downloaded a questionable app from Chrome, uninstall it immediately and change the passwords of all your online accounts just to be sure. And next time that you want to install something from Chrome Web Store or any other app store, mobile or web, remember to be wary of apps asking for your permission to access all your data from all websites. If an app asks this, do not install the app. And before looking elsewhere, check with the app creator first since most of the time, they offer demo versions for free so you can try the game without spending.