Friday, October 5, 2012

Fake Angry Birds games hijack Google Chrome browser


Fake games imitating popular Angry Birds titles in the Google Chrome Web store can hijack your browser and display extra ads on websites, security firm Barracuda Networks has found—and some 83,000 Chrome users have already installed these suspicious fake games.
The imposters struck when game developer Rovio launched a new title in its Angry Birds franchise called Bad Piggies on September 27. Available from the App Store for $1 for iPhone and $3 for iPad, and for free from Google Play, Bad Piggies quickly became a hit, reaching the top downloads charts for both mobile operating systems. But unlike previous Angry Birds titles, Rovio is not offering an official online version of the game that is played for free from a browser.
The lack of a free online version for Bad Piggies left space for others to capitalize on the instant success of the game. Just days after the game launched, Jason Ding, a research scientist from Barracuda Networks, found seven free versions of the games in the Google Chrome web store. These games are not official versions of Angry Birds titles, but they do use the name Bad Piggies inside their title or descriptions, making them easy to find with a simple search.
A selection of non-Rovio versions of the newest Angry Birds game.

The Google Chrome Web Store invites developers to submit browser apps or plug-ins for free, after an initial $5 fee. Anyone with the browser can then install and use them, whether on a Windows PC, a Mac, or even Linux. But upon closer inspection, Ding found the third-party versions of the Rovio games have more problems than their shady nature: They request permission to “access your data on all websites” and then also display additional ads when visiting some popular websites, such as Yahoo, MSN, eBay, or IMDb.

“Special code in the plug-in checks to see if the page originates with Yahoo and if so, inserts its own ad from playook.info,” Ding explains in a blog post. “The plug-in authors can acquire all the web data when users browse the Internet with Chrome and then misuse users' information, such as stealing and selling user email addresses and online credit card information.”

Non-Rovio Angry Birds game asking permission to access your website data.

Unaware of the implications of these fake Google Chrome games, more than 83,000 Chrome users have installed these ad-infected plug-ins, Barracuda Research estimates, “and the total number is still climbing fast day by day.” The advice from Ding, if you installed any of these plug-ins, is to uninstall them immediately and change your passwords on other websites if possible. Otherwise, he advises considering requested permissions such as “access your data on all websites” with a critical eye toward the intent of the plug-in, as games do not require such permissions to work properly.
Requests for comment from Google were met with no response.
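
Ding's advice to read the requested permissions critically can be checked mechanically against an extension's `manifest.json`. The script below is an added example, not code from Barracuda or from the plug-ins described; both sample manifests, their names and the file `inject.js` are constructed for illustration. It flags every place a manifest asks for all-site access, the kind of request Chrome summarizes as “access your data on all websites.”

```python
import json

def is_all_sites(pattern):
    """True if a Chrome match pattern covers every host."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    host = rest.split("/", 1)[0]
    # API permissions such as "tabs" contain no "://" and are not host patterns.
    return bool(sep) and scheme in {"*", "http", "https"} and host == "*"

def broad_host_access(manifest):
    """List each place the manifest requests access to all websites."""
    findings = []
    # Manifest V2 puts host patterns in "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "host_permissions"):
        for entry in manifest.get(key, []):
            if isinstance(entry, str) and is_all_sites(entry):
                findings.append(f"{key}: {entry}")
    # A content script is injected into every page its "matches" patterns cover.
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if is_all_sites(pattern):
                files = ", ".join(script.get("js", [])) or "(no js)"
                findings.append(f"content_scripts[{i}]: {files} runs on {pattern}")
    return findings

def audit(manifest_text):
    manifest = json.loads(manifest_text)
    findings = broad_host_access(manifest)
    return {"name": manifest.get("name", "?"), "broad": bool(findings),
            "findings": findings}

# Constructed sample: a "game" that asks for every site and injects a script.
SUSPICIOUS_GAME = """{"name": "Constructed Piggies Game", "manifest_version": 2,
  "permissions": ["tabs", "http://*/*", "https://*/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]}"""

# Constructed sample: a game that only needs local storage.
SIMPLE_GAME = """{"name": "Constructed Puzzle Game", "manifest_version": 2,
  "permissions": ["storage"]}"""

if __name__ == "__main__":
    for text in (SUSPICIOUS_GAME, SIMPLE_GAME):
        report = audit(text)
        print(report["name"], "-> all-site access:", report["broad"])
        for finding in report["findings"]:
            print("   ", finding)
```
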
