Rovio’s Bad Piggies game may not be available via Google Chrome, but that isn’t stopping bad guys from creating fake, malicious versions of the app and putting them in the Chrome Web Store.
Data protection company Barracuda Networks found and installed a number of the purported Bad Piggies games and confirmed that they were indeed up to no good.
While all of the Bad Piggies apps listed in the Chrome Web Store are fake, some go beyond posing as the game, injecting ads into popular pages like MSN.com and IMDB.com when Chrome users navigate to them.
For the record, this sort of activity isn’t a violation of Google’s program policies: Google does allow developers to display ads alongside web pages as long as the activity is declared to users.
But it gets worse. Turns out that some of the apps also require permissions to “access your data on all websites,” which could allow them to access Chrome users’ passwords and other sensitive info.
These kinds of fake apps are nothing new, but in spite of that, it’s telling that Chrome users continue to install them. (It’s also telling that Google allows them to stay online.) Barracuda Networks says that as of Oct. 2, 80,000 Chrome users have installed the ad-injecting plugins.
Of course, the defense against these sorts of extensions remains the same: Check the permissions. A browser extension should be able to do just a small subset of things, and in most cases, accessing your data on all websites isn’t one of them.
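The permission check described above can also be run against an extension's `manifest.json` before installing or approving it. The following is an added example, not code from Barracuda Networks or Google; the function names and both sample manifests are constructed for illustration, and the pattern list covers only the match patterns that grant access to every site.

```javascript
// Added example: flag manifest entries that grant an extension access to all websites.
// Match patterns that cover every host (the "all websites" class of access).
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function isBroad(pattern) {
  return typeof pattern === "string" && BROAD_PATTERNS.has(pattern);
}

// Returns a list of {field, pattern} findings for a parsed manifest.json object.
function auditManifest(manifest) {
  const findings = [];
  const lists = {
    permissions: manifest.permissions,                   // host patterns live here in Manifest V2
    optional_permissions: manifest.optional_permissions, // can be requested after install
    host_permissions: manifest.host_permissions,         // Manifest V3 location
  };
  for (const [field, list] of Object.entries(lists)) {
    for (const p of list || []) {
      if (isBroad(p)) findings.push({ field, pattern: p });
    }
  }
  // Content scripts are injected into every page their "matches" patterns cover.
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const p of cs.matches || []) {
      if (isBroad(p)) findings.push({ field: `content_scripts[${i}].matches`, pattern: p });
    }
  });
  return findings;
}

// Constructed sample: a "game" that asks for far more than a game needs.
const suspiciousGame = {
  name: "Constructed sample game",
  manifest_version: 2,
  permissions: ["tabs", "http://*/*", "https://*/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

// Constructed sample: an extension scoped to a single site.
const scopedExtension = {
  name: "Constructed scoped extension",
  manifest_version: 2,
  permissions: ["storage"],
  content_scripts: [{ matches: ["https://www.example.com/*"], js: ["helper.js"] }],
};

for (const m of [suspiciousGame, scopedExtension]) {
  const hits = auditManifest(m);
  console.log(`${m.name}: ${hits.length ? "BROAD ACCESS" : "ok"}`, hits);
}
```

An empty result only means the manifest does not ask for all-site access; a narrower permission set can still be inappropriate for what the extension claims to do.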
We’ve reached out to Google for comment and will update when the company responds.