Bad Pigs removed from Google Play after 10k users download bogus app

Share this article:
"Bad Pigs" removed from Google Play after 10k users download spurious app
"Bad Pigs" removed from Google Play after 10k users download spurious app

Scammers planted a malicious app in the Google Play store for Android users and designed it to look like a popular app called Bad Piggies.

The spurious app, called Bad Pigs, shows the same photo as the legitimate app when searched in Google Play. Bad Piggies is a spinoff game for fans of the Angry Birds app.  

Bad Pigs has been installed more than 10,000 times since May 25, a concerning rate given the fact that the app redirects users to unwanted ads, including one that links to a fake anti-virus scan that charges users €15 a week (or about $20) for the service, Sean Sullivan, a security adviser at Finnish security firm F-Secure, said in two blog posts this week.

The anti-virus ad is written in Finnish and also directs users to enter their phone number, which can be used for future malicious acts.

In addition, the app can gain numerous permissions on mobile devices, including creating desktop icons that link to ad sites, displaying ads in the Android notification bar, and creating bookmarks in the user's browser. The app can also access users' browsing history, determine their location via GPS and access other account information, including email addresses.

Dan Stokes is listed as the developer of Bag Pigs, as opposed to Rovio Mobile, the maker of the legitimate Bad Piggies game. The contact email for Stokes was hgfdhsdgjhd [at] gmail.com, another red flag, Sullivan said.

Under Stokes' page, two other apps for Android named Fruit Chop Ninja and Paper Toss 2 were also listed.

In a Friday email to SCMagazine.com, a Google spokeswoman confirmed the apps in question were removed from the Google Play store.

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...