Bad Bad Piggies – beware of fakes

First noted last week by Barracuda Labs, fake versions of Bad Piggies are already being promoted. Bad Piggies was released for iOS and Android in late September – and within three hours it became the #1 iOS download. There are other versions for Windows and Mac – but there is no version for Chrome. “This market niche was not overlooked for long, and  free versions of games that claimed to be the original Bad Piggies appeared on the Google Chrome web store quickly”, reported Jason Ding of Barracuda.

Checking the Chrome web store, he found eight matches to ‘bad piggies’ – seven from the same company. “What's more”, he noted, “installing these 7 plugins request a significant permissions: ‘access your data on all websites’.”

That’s not something you should allow. Commenting on one particular fake app brazenly named ‘Bad Piggies’, Jindrich Kubec, a senior analyst with Avast VirusLab, said, “Because this fake app asked permission to access your data on all websites, it has the potential to steal sensitive personal information like contact lists and credit card numbers.”

For the most part, the fake apps seek to superimpose adverts on some of the world’s most popular websites whenever an ‘infected’ user visits them – such as MSN, Yahoo, Disney and The Pirate Bay. Barracuda sees the solution to such problems as two-part. Firstly, users should be more critical of the plug-ins’ requested permissions. “If the plugin requests any permission that does not seem reasonable, do not install it,” said Ding. Secondly, in an oft-repeated plea, “As Chrome gains more browser marketshare, Google should provide better secure solutions on Chrome web store to protect its users.”

But for all users who have already installed a fake Bad Piggies, Avast’s Kubec says simply, “Our advice is to uninstall the app immediately and change passwords on other sites.” Don’t forget that last point, because the bad guys might have already got hold of your passwords.

What’s hot on Infosecurity Magazine?