Free web version of Rovio’s Bad Piggies installs ad injector into over 82K Chrome browsers

Print Friendly, PDF & Email

We all know the game Angry Birds, and we all know Rovio—the maker of the breakout hit game Angry Birds. On Sept 27, Rovio launched a new puzzle video game called “Bad Piggies” which quickly became very popular: it hit the top spot in the App Store after only 3 hours. The game is easy to get; available on iTunes for $0.99 (iPhone version) and $2.99 (iPad version) and free on Google Play (for Android devices).   What this means, however, is that without Apple or Android device there is no way to play it.

This market niche was not overlooked for long, and quickly free versions of games that claimed to be the original Bad Piggies appeared on the Google Chrome web store.  Downloads from the Chrome web store can be played by anyone with the Chrome browser, installed on a Windows, Linux or Mac OS systems. Searching for “Bad Piggies” in the Chrome web store results in 8 matches as shown in Figure 1. All these plugins have “Bad Piggies” inside their game descriptions, such that each of them still matches the search, even though its title doesn’t.

 

“What Luck!”, you say to yourself.  “I can play Angry Birds Bad Piggies and all the other Angry Birds games for free!”

But when our Barracuda Labs team took a closer look at these games we noticed several questionable items. Seven of these plugins are from the same source www.playook.info, a maker of ‘free' flash games.  A quick glance at the Whois records for playook.info tells us… nothing.  They hide their name behind Whoisguard, a very suspcious thing for a business to do.  What's more, installing these 7 plugins request a significant permissions: “access your data on all websites”, shown in Figure 2 and Table 1.

 

Table 1: Statuses of 7 Chrome plugins for playing popular Rovio games

Title

URL

Permissions

28-Sep

#Users

1-Oct

#Users

2-Oct

#Users

Angry Birds Bad Piggies https://chrome.google.com/webstore/detail/fpokembamndopkflopmplkklbdngnknd Your   data on all websites 2,725 6,595 8,258
Angry Birds Space HD https://chrome.google.com/webstore/detail/goedioiidkokkbobdnopnlnaaalniegm Your   data on all websites 8,094 12,758 15,643
Angry Birds Huge https://chrome.google.com/webstore/detail/omnicnmbagoinlpamknknbcgopadcoci Your   data on all websites 5,728 7,983 10,003
Angry Birds Forest https://chrome.google.com/webstore/detail/ajlkjjdbgcjdiklbcomhnfghjigfccoh Your   data on all websites 3,882 5,590 6,300
Angry Birds Heikki https://chrome.google.com/webstore/detail/indfhnliadamglhalanplbajgenpjdml Your   data on all websites 3,113 5,205 6,852
Angry Birds Rio https://chrome.google.com/webstore/detail/dhclobcklknojliojkkclgjndemadnig Your   data on all websites 14,445 17,540 19,264
Angry Birds Space https://chrome.google.com/webstore/detail/pfaooklcbjnkgconjjepimkohgcjmdji Your   data on all websites 9,634 13,965 16,273
Total users count:  47,621  69,636  82,593

At this step, you should stop installing this plugin.  Playing a web-based game should have nothing to do with your other browser tabs at all.

We were still curious, so we installed some of these plugins in a test environment.  This is what we found.

First, this Angry Birds Bad Piggies game is not authentic: it is a pigs-shoot-birds game.

Second, and much worse, once the game installs a plug-in that displays additional advertisements in some popular websites.

 

Special code in the plug-in checks to see if the page originates with Yahoo and if so, inserts it's own ad from playook.info,

 

A little more digging turned up a list of websites that are targeted

 

We saw similar problems with angrybirds.com and MSN.com.

This is not the first time that some Chrome plugins requested extra permissions during the installation. Last month, we reported that several “Facebook Timeline Remover” plugins also requested permission to access data on all websites, where they should only touch Facebook.com websites. Users who give up such extensive permission run the risk of getting their browsers hijacked.  The plugin authors can acquire all the web data when users browse the Internet with Chrome and then misuse users information, such as stealing and selling user email addresses and online credit card information.

As of Oct. 2, 2012, there are about 82,593 Chrome users who installed these ads-injected plugins, and the total number is still climbing fast day by day, e.g., about 13K new installations from October 1 to October 2.

A suggestion to Chrome users; whenever trying to install a plugin inside the Chrome web store, consider the requested permissions with a critical eye toward the intent of the plugin. If the plugin requests any permission that does not seem reasonable, do not install it. If you have already installed, uninstall them immediately and change your passwords on other websites if possible.

As Chrome gains more browser marketshare, Google should provide better secure solutions on Chrome web store to protect its users. Until then, it's especially important that Chrome users know how to protect themselves.

Scroll to top
Tweet
Share
Share