More than 80,000 users of Google Chrome were affected by adware after they installed a fake version of Rovio's recently launched Bad Piggies game from the Chrome Web Store. The adware installs a plug-in that shows advertisements when users visit popular sites.
Security company Barracuda Networks, which spotted the fake app, has released a detailed report on the adware. If you give the app permission to “access your data on all websites”, the plug-in can help spammers and cyber criminals gain access to your personal data, such as email contacts, credit card information and other details.
“Searching for 'Bad Piggies' in the Chrome web store results in 8 matches as shown in Figure 1 (image below). All these plug-ins have 'Bad Piggies' inside their game descriptions, such that each of them still matches the search, even though its title doesn’t,” says Barracuda Networks.
The security company suggests that affected users uninstall the fake app immediately and change their passwords on other websites. The plug-in is unlikely to do a lot of damage, but it's not worth taking the risk.
"Seven of these plugins are from the same source www.playook.info, a maker of 'free' flash games. A quick glance at the ...records for playook.info tells us... nothing," Jason Ding, a research scientist at Barracuda Networks, wrote on the company blog. "What's more, installing these 7 plug-ins requests a significant permission: 'access your data on all websites'."
"This is not the first time that some Chrome plugins requested extra permissions during the installation. Last month, we reported that several “Facebook Timeline Remover” plugins also requested permission to access data on all websites, where they should only touch Facebook.com websites. Users who give up such extensive permission run the risk of getting their browsers hijacked. The plugin authors can acquire all the web data when users browse the Internet with Chrome and then misuse users' information, such as stealing and selling user email addresses and online credit card information," says the research firm's report.
Check out Barracuda Networks' full report here.
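
The "access your data on all websites" prompt corresponds to host match patterns in an extension's `manifest.json`. The following sketch is an added example, not code from Barracuda Networks' report: it flags manifests whose host patterns reach beyond the domains an extension plausibly needs. The sample manifests and the `audit` helper are constructed for illustration.

```python
# Host match patterns that Chrome summarizes as access to data on all websites.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def host_patterns(manifest):
    """Collect every host match pattern an extension manifest requests."""
    pats = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        for p in manifest.get(key, []):
            # API permissions such as "tabs" are not host patterns; skip them.
            if isinstance(p, str) and ("://" in p or p == "<all_urls>"):
                pats.append(p)
    for script in manifest.get("content_scripts", []):
        pats.extend(script.get("matches", []))
    return pats

def pattern_host(pattern):
    """Return the host part of a match pattern ('*' means any host)."""
    if pattern == "<all_urls>":
        return "*"
    return pattern.split("://", 1)[1].split("/", 1)[0]

def audit(manifest, expected_domains):
    """List (pattern, reason) pairs that exceed the expected domains."""
    findings = []
    for p in host_patterns(manifest):
        host = pattern_host(p)
        if p in ALL_SITES or host == "*":
            findings.append((p, "all websites"))
            continue
        bare = host[2:] if host.startswith("*.") else host
        if not any(bare == d or bare.endswith("." + d) for d in expected_domains):
            findings.append((p, "unexpected host"))
    return findings

# Constructed sample manifests (not taken from any real extension).
FAKE_GAME = {"name": "Sample game", "permissions": ["tabs", "http://*/*", "https://*/*"]}
SCOPED_TOOL = {
    "name": "Sample Facebook tool",
    "permissions": ["*://*.facebook.com/*"],
    "content_scripts": [{"matches": ["*://www.facebook.com/*"]}],
}

if __name__ == "__main__":
    print(audit(FAKE_GAME, []))                   # a game needs no host access
    print(audit(SCOPED_TOOL, ["facebook.com"]))   # scoped to the site it modifies
```

A game that needs no site access should produce no host patterns at all, and a tool that modifies one site should list only that site's domain.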