Fake ‘Bad Piggies’ plugins still present in Google Chrome web store

Print Friendly, PDF & Email

By Jason Ding – Research Scientist

After our recent report on fake “Angry Piggies” games in Google Chrome web store that hijacked display advertisements, the word has been spread among users to exercise caution when shopping the Google Chrome web store.

Google has also taken action. On last Friday they removed the 7 bad plugins that we mentioned in our blog, all developed by playook.info, from the web store.  Chrome users can no longer see and install these plugins.

However, the bad guys haven't given up. A few hours later on Friday afternoon, another 6 “Angry Birds” plugins published by playook.info are live again in Chrome store. Users can easily search “Bad Piggies” to find them, listed in the table below.

Title

URL

Permissions

Released on & Version

Oct. 8

#Users

Oct. 9

#Users

Oct. 10

#Users

Angry Birds Bad Piggies https://chrome.google.com/webstore/detail/angry-birds-bad-piggies/gnofjgfhibegiiaiobadjhhadiajhido Your data on all websites

Oct 5, 2012

Ver. 1

252

444

639

Angry Birds Huge https://chrome.google.com/webstore/detail/angry-birds-huge/jfhmafmjfdblceidmfdmoihamolaaeco Your data on all websites

Oct 5, 2012

Ver. 1

65

111

147

Angry Birds Forest https://chrome.google.com/webstore/detail/angry-birds-forest/bdgijcibmhjjccgbdohofncdjcophknj Your data on all websites

Oct 5, 2012

Ver. 1

55

94

136

Angry Birds Heikki https://chrome.google.com/webstore/detail/angry-birds-heikki/hfcgbiofoebieldldghfocjfnnajmpej Your data on all websites

Oct 5, 2012

Ver. 1.1

41

71

103

Angry Birds Rio https://chrome.google.com/webstore/detail/angry-birds-rio/fomljmklmcefndkgpakgifbiiidgbjej Your data on all websites

Oct 5, 2012

Ver. 1

34

60

80

Angry Birds Space https://chrome.google.com/webstore/detail/angry-birds-space/jeehjhnmgohgpfpjneglogiholalkeip Your data on all websites

Oct 5, 2012

Ver. 1

82

127

201

Total users count:

529

907

1306

 

Here is a screenshot of one of the new “Angry Birds Bad Piggies” apps.  Note that the Chrome web store has used a new URL format for plugins that shows the name of the plugin in the URL.

 

We installed these six plugins again in our test environment and checked their functionality. Unsurprisingly, all of them behaved the same as previous bad plugins: users were redirected to playook.info to play fake flash games and ads from playook.info were injected when users subsequently browsed many popular websites such as msn.com, yahoo.com, myspace.com, and imdb.com. In fact, these plugins have very similar JavaScript code as the ones we wrote about before.

As of today, there are 907 installations in total for these malicious plugins.

If Google was so quick to remove the original offending plugins in the morning, how is it that essentially the same ones reappeared the same afternoon?  Begging the question: Is there any applicable security vetting for Chrome web store?

Scroll to top
Tweet
Share
Share