Beware of fake Chrome Angry Birds extensions
One common theme among malicious users is to hop on the bandwagon of a popular item on the Internet to capitalize from the public's desire for information or action. Angry Birds is without doubt one of the most popular mainstream games and even though that has slowed down a bit, Rovio, the makers of the game, have put out a lot of spin-offs for the game and even the new Bad Piggies franchise.
Depending on the mobile device you are using, you either get to play it for free or have to pay money to play the game. Security research company Barracuda Networks recently analyzed extensions for the Google Chrome web browser that offered the game for free for the browser. The games were listed in the official Google Chrome web store and usable on all supported operating systems that Chrome runs on.
A quick background check of the company that produced the games revealed that it hid the domain name behind a whoisguard service that blocks data such as the address or contact person from being displayed publicly on the Internet.
The researchers then installed the extensions in a safe environment and found out that it requested access to data on all websites that is visited in the browser. This in itself does not make sense at all, and it should keep users from installing the extension. Apparently though, more than 80,000 users did not mind, read or understand, and installed the extensions on their systems.
The installed games inject ads on popular websites that the user visits. The list of sites include some of the Internet's most popular destinations including msn.com, yahoo.com, ebay.com, angrybirds.com, 9gag.com, v9.com or thepiratebay. The main issue here are not the ads. While that is bad enough for the companies, user data may also be collected and sold as a consequence of allowing the extension access to all data on all websites.
The plugin authors can acquire all the web data when users browse the Internet with Chrome and then misuse users information, such as stealing and selling user email addresses and online credit card information.
The extensions since then have been pulled from the Chrome Web store. The company has however added the games again, using the same company information and names. As it stands now, the games are still available and users have started to install them again in the browser. User count is low right now, but that is probably going to change soon considering the popularity of the franchise. It is also interesting to note that the games are not the real deal.
The only protection against this kind of malicious behavior is to look at the requested permissions during the installation process. If something does not make sense in this regard, like the permission to request data on all websites for a game, you'd better not install the plugin in your browser or be very careful about it (install it in a test environment).Advertisement