Bad Piggies Malware Chrome Plug-in Infects 80,000 Users

Over 82,000 Google Chrome users were duped into installing a malicious browser plug-in from the Chrome web store when what they thought they were downloading was a free copy of Bad Piggies, Rovio's latest title in the Angry Birds franchise. How could such a thing happen?

A search in the Google Chrome web store for "Bad Piggies" turns up a handful of plug-ins masquerading as Rovio's latest title, and according to Barracuda Labs, they're all fronts for an ad injector that, once installed, will display additional advertisements in popular websites like Yahoo.

Bad Piggies Plug-ins

"As of Oct. 2, 2012, there are about 82,593 Chrome users who installed these ads-injected plugins, and the total number is still climbing fast day by day, e.g., about 13K new installations from October 1 to October 2," Barracuda Labs said.

At that rate, the total number of infected installations could be in the neighborhood of 200,000, and a lot more if you count other programs that do the same thing. Barracuda Labs says this isn't the first time a Chrome plug-in has requested extra permissions during installation.

"A suggestion to Chrome users; whenever trying to install a plugin inside the Chrome web store, consider the requested permissions with a critical eye toward the intent of the plugin," the security firm added. "If the plugin requests any permission that does not seem reasonable, do not install it. If you have already installed, uninstall them immediately and change your passwords on other websites if possible."

Sound advice.
Comments
RWilliams 2 years ago

While I appreciate the openness of Google sometimes, this sort of thing just shouldn't happen. Google touts security as a big feature of Chrome, and when news like this hits, it shows that it's not all that secure at all. Sure, the user -should- pay attention to what they're doing, but most don't, and when it's THAT easy to install a malicious plugin - right inside of Google's own Chrome store - I consider that to be a problem.

Post a Comment
or Register to comment