Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

SPONSORED BLOG: Beware of the Bad Piggies

Jason Ding - Research Scientist, Barracuda | Oct. 18, 2012
Free Web version of Rovio's Bad Piggies installs ad injector into over 82K Chrome browsers

We all know the game Angry Birds, and we all know Rovio-the maker of the breakout hit game Angry Birds. On Sept 27, Rovio launched a new puzzle video game called "Bad Piggies" which quickly became very popular: it hit the top spot in the App Store after only 3 hours. The game is easy to get; available on iTunes for $0.99 (iPhone version) and $2.99 (iPad version) and free on Google Play (for Android devices).   What this means, however, is that without Apple or Android devices, there is no way to play it.

This market niche was not overlooked for long, and quickly free versions of games that claimed to be the original Bad Piggies appeared on the Google Chrome Web store.  Downloads from the Chrome Web store can be played by anyone with the Chrome browser, installed on a Windows, Linux or Mac OS systems. Searching for "Bad Piggies" in the Chrome Web store results in 8 matches as shown in Figure 1. All these plugins have "Bad Piggies" inside their game descriptions, such that each of them still matches the search, even though its title doesn't.

Barracuda 18 Oct 1

"What Luck!", you say to yourself.  "I can play Angry Birds Bad Piggies and all the other Angry Birds games for free!"

But when our Barracuda Labs team took a closer look at these games, we noticed several questionable items. Seven of these plugins are from the same source, a maker of 'free' flash games.  A quick glance at the Whois records for tells us... nothing.  They hide their name behind Whoisguard, a very suspcious thing for a business to do.  What's more, installing these 7 plugins request a significant permissions: "access your data on all websites", shown in Figure 2 and Table 1.



At this step, you should stop installing this plugin.  Playing a Web-based game should have nothing to do with your other browser tabs at all.

We were still curious, so we installed some of these plugins in a test environment.  This is what we found.

First, this Angry Birds Bad Piggies game is not authentic: it is a pigs-shoot-birds game.

Second, and much worse, once the game installs a plug-in that displays additional advertisements in some popular websites. for example...


1  2  Next Page 

Sign up for CIO Asia eNewsletters.